GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
185 advisories
Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground
Moderate: CVE-2026-27131 was published for putyourlightson/craft-sprig (Composer), Mar 23, 2026

AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php
Moderate: CVE-2026-33041 was published for wwbn/avideo (Composer), Mar 17, 2026

Amazon S3 for Craft CMS has an Information Disclosure vulnerability
Moderate: CVE-2026-32265 was published for craftcms/aws-s3 (Composer), Mar 16, 2026

Missing Authorization in librenms/librenms
Moderate: CVE-2022-0588 was published for librenms/librenms (Composer), Feb 16, 2022

Exposure of Sensitive Information in snipe/snipe-it
Moderate: CVE-2022-0569 was published for snipe/snipe-it (Composer), Feb 15, 2022

Cross-site Scripting in pimcore
Moderate: CVE-2022-0565 was published for pimcore/pimcore (Composer), Feb 15, 2022

funadmin exposes sensitive information via getMember function
Moderate: CVE-2026-2894 was published for funadmin/funadmin (Composer), Feb 22, 2026

Magento's X-Original-Url header can expose admin url
Moderate: CVE-2026-25523 was published for openmage/magento-lts (Composer), Feb 2, 2026

MineAdmin May Expose Sensitive Information to an Unauthorized Actor
Moderate: CVE-2026-1194 was published for mineadmin/mineadmin (Composer), Jan 20, 2026

phpMyFAQ: Public API endpoints expose emails and invisible questions
Moderate: CVE-2026-24422 was published for phpmyfaq/phpmyfaq (Composer), Jan 23, 2026

Craft CMS vulnerable to potential information disclosure via unchecked asset relocation
Moderate: CVE-2025-68436 was published for craftcms/cms (Composer), Jan 5, 2026

Grav Exposes Password Hashes Leading to privilege escalation
Moderate: CVE-2025-66304 was published for getgrav/grav (Composer), Dec 2, 2025

MongoDB Driver may publish events containing authentication-related data
Moderate: CVE-2021-32050 was published for github.com/mongodb/mongo-swift-driver (Composer), Aug 29, 2023

Moodle exposed the names of hidden groups to users
Moderate: CVE-2025-62400 was published for moodle/moodle (Composer), Oct 23, 2025

TYPO3 CSV download feature information disclosure
Moderate: CVE-2025-59019 was published for typo3/cms-backend (Composer), Sep 9, 2025

Contao can disclose sensitive information in the news module
Moderate: CVE-2025-57757 was published for contao/contao (Composer), Aug 28, 2025

Contao discloses sensitive information in the front end search index
Moderate: CVE-2025-57756 was published for contao/contao (Composer), Aug 28, 2025

MantisBT may disclose project names to unauthorized users
Moderate: CVE-2023-44394 was published for mantisbt/mantisbt (Composer), Oct 17, 2023

Moodle sensitive information disclosure
Moderate: CVE-2015-5340 was published for moodle/moodle (Composer), May 13, 2022

MantisBT vulnerable to information disclosure with user profiles
Moderate: CVE-2024-45792 was published for mantisbt/mantisbt (Composer), Sep 30, 2024

Moodle vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Moderate: CVE-2013-4522 was published for moodle/moodle (Composer), May 13, 2022

Moodle reveals student identities through assignment submissions search on anonymous submissions
Moderate: CVE-2025-3628 was published for moodle/moodle (Composer), Apr 25, 2025

Typo3 Information Disclosure
Moderate: CVE-2014-3946 was published for typo3/cms (Composer), May 17, 2022

Front End User Registration (sr_feuser_register) extension for TYPO3 allows remote attackers to obtain user names, passwords
Moderate: CVE-2012-5890 was published for sjbr/sr-feuser-register (Composer), May 17, 2022

TYPO3 allows remote attackers to obtain the database name via a direct request
Moderate: CVE-2012-1607 was published for typo3/cms (Composer), May 17, 2022
ProTip! Advisories are also available from the GraphQL API