GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
8 advisories
Privilege escalation via form generator
High
CVE-2021-37627
was published
for
contao/contao
(Composer)
Aug 23, 2021
PHP file inclusion via insert tags
Moderate
CVE-2021-37626
was published
for
contao/contao
(Composer)
Aug 23, 2021
API Platform Core does not call GraphQl securityAfterResolver
Moderate
CVE-2025-23204
was published
for
api-platform/core
(Composer)
Mar 24, 2025
Sulu vulnerable to XXE in SVG File upload Inspector
Moderate
CVE-2025-47778
was published
for
sulu/sulu
(Composer)
May 15, 2025
GraphQL query operations security can be bypassed
High
CVE-2025-31481
was published
for
api-platform/core
(Composer)
Apr 4, 2025
GraphQL grant on a property might be cached with different objects
High
CVE-2025-31485
was published
for
api-platform/core
(Composer)
Apr 4, 2025
Contao is vulnerable to remote code execution in template closures
Moderate
CVE-2025-65960
was published
for
contao/core-bundle
(Composer)
Nov 25, 2025
Contao is vulnerable to cross-site scripting in templates
Low
CVE-2025-65961
was published
for
contao/core-bundle
(Composer)
Nov 25, 2025
ProTip!
Advisories are also available from the
GraphQL API