Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
2,891
Erlang
24
GitHub Actions
39
Go
2,240
Maven
2,698
npm
2,899
NuGet
500
pip
2,728
Pub
5
RubyGems
364
Rust
889
Swift
19
Unreviewed advisories
All unreviewed
5,000+

16 advisories

Loading
October CMS: Reflected XSS via DataTable Form Widget Low
CVE-2026-27937 was published for october/system (Composer) Apr 21, 2026
daftspunk Credited to daftspunk
October CMS has Safe Mode Bypass via Twig Database Write Operations Moderate
CVE-2026-26274 was published for october/october (Composer) Apr 21, 2026
Neosprings Credited to Neosprings and daftspunk daftspunk daftspunk
October CMS has Safe Mode Bypass via CSS Preprocessor Compilers Moderate
CVE-2026-26067 was published for october/system (Composer) Apr 21, 2026
Neosprings Credited to Neosprings and daftspunk daftspunk daftspunk
October Rain has Stored XSS via SVG Filter Bypass Moderate
CVE-2026-25133 was published for october/rain (Composer) Apr 14, 2026
daftspunk Credited to daftspunk
October Rain has Environment Variable Exfiltration via INI Parser Interpolation Moderate
CVE-2026-25125 was published for october/rain (Composer) Apr 14, 2026
daftspunk Credited to daftspunk
October CMS has Stored XSS in Event Log Mail Preview Moderate
CVE-2026-24907 was published for october/system (Composer) Apr 14, 2026
Neosprings Credited to Neosprings and daftspunk daftspunk daftspunk
October CMS has Stored XSS in Backend Editor Markup Classes Moderate
CVE-2026-24906 was published for october/system (Composer) Apr 14, 2026
Neosprings Credited to Neosprings and daftspunk daftspunk daftspunk
October Rain has a Twig Sandbox Bypass via Collection Methods Moderate
CVE-2026-22692 was published for october/rain (Composer) Apr 14, 2026
lukasz-rybak Credited to lukasz-rybak and daftspunk daftspunk daftspunk
October CMS Vulnerable to Stored XSS via Branding Styles Moderate
CVE-2025-61676 was published for october/system (Composer) Jan 9, 2026
nakkouchtarek Credited to nakkouchtarek and daftspunk daftspunk daftspunk
October CMS Vulnerable to Stored XSS via Editor and Branding Styles Moderate
CVE-2025-61674 was published for october/system (Composer) Jan 9, 2026
nakkouchtarek Credited to nakkouchtarek and daftspunk daftspunk daftspunk
Withdrawn Advisory: October Cross-site Scripting vulnerability Moderate
CVE-2023-43876 was published for october/cms (Composer) Sep 28, 2023 withdrawn
daftspunk Credited to daftspunk
October CMS - RainLab Blog Plugin XSS Moderate
CVE-2018-7198 was published for rainlab/blog-plugin (Composer) May 13, 2022
daftspunk Credited to daftspunk
October CMS File Upload Vulnerability Critical
CVE-2017-1000194 was published for october/october (Composer) May 13, 2022
daftspunk Credited to daftspunk
October CMS XSS Moderate
CVE-2017-1000193 was published for october/october (Composer) May 13, 2022
daftspunk Credited to daftspunk
October CMS CSRF High
CVE-2017-16244 was published for october/october (Composer) May 13, 2022
daftspunk Credited to daftspunk
October CMS Safe Mode bypass leads to authenticated Remote Code Execution High
CVE-2022-35944 was published for october/system (Composer) Oct 13, 2022
cydave Credited to cydave and daftspunk daftspunk daftspunk
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database