Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

188 advisories

Loading
Statamic's sensitive configuration values are exposed to content editors via Antlers-enabled fields Moderate
CVE-2026-33886 was published for statamic/cms (Composer) Mar 26, 2026
offset Credited to offset
Statamic's Markdown preview endpoint exposes sensitive user data Moderate
CVE-2026-33882 was published for statamic/cms (Composer) Mar 26, 2026
joshuaalwin Credited to joshuaalwin
AVideo: Unauthenticated Access to Scheduler Plugin Endpoints Leaks Scheduled Tasks, Email Content, and User Mappings Moderate
CVE-2026-33761 was published for wwbn/avideo (Composer) Mar 26, 2026
offset Credited to offset
Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground Moderate
CVE-2026-27131 was published for putyourlightson/craft-sprig (Composer) Mar 23, 2026
Neosprings Credited to Neosprings and bencroker bencroker bencroker
AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php Moderate
CVE-2026-33041 was published for wwbn/avideo (Composer) Mar 17, 2026
offensiveee Credited to offensiveee
Amazon S3 for Craft CMS has an Information Disclosure vulnerability Moderate
CVE-2026-32265 was published for craftcms/aws-s3 (Composer) Mar 16, 2026
Neosprings Credited to Neosprings
funadmin exposes sensitive information via getMember function Moderate
CVE-2026-2894 was published for funadmin/funadmin (Composer) Feb 22, 2026
Magento's X-Original-Url header can expose admin url Moderate
CVE-2026-25523 was published for openmage/magento-lts (Composer) Feb 2, 2026
anees0xdev Credited to anees0xdev
phpMyFAQ: Public API endpoints expose emails and invisible questions Moderate
CVE-2026-24422 was published for phpmyfaq/phpmyfaq (Composer) Jan 23, 2026
Brahim-Fouad Credited to Brahim-Fouad
MineAdmin May Expose Sensitive Information to an Unauthorized Actor Moderate
CVE-2026-1194 was published for mineadmin/mineadmin (Composer) Jan 20, 2026
Craft CMS vulnerable to potential information disclosure via unchecked asset relocation Moderate
CVE-2025-68436 was published for craftcms/cms (Composer) Jan 5, 2026
z3rco Credited to z3rco
Grav Exposes Password Hashes Leading to privilege escalation Moderate
CVE-2025-66304 was published for getgrav/grav (Composer) Dec 2, 2025
alix41dsec Credited to alix41dsec
Moodle exposed the names of hidden groups to users Moderate
CVE-2025-62400 was published for moodle/moodle (Composer) Oct 23, 2025
TYPO3 CSV download feature information disclosure Moderate
CVE-2025-59019 was published for typo3/cms-backend (Composer) Sep 9, 2025
Contao can disclose sensitive information in the news module Moderate
CVE-2025-57757 was published for contao/contao (Composer) Aug 28, 2025
fritzmg Credited to fritzmg
Contao discloses sensitive information in the front end search index Moderate
CVE-2025-57756 was published for contao/contao (Composer) Aug 28, 2025
fritzmg Credited to fritzmg
Moodle reveals student identities through assignment submissions search on anonymous submissions Moderate
CVE-2025-3628 was published for moodle/moodle (Composer) Apr 25, 2025
Magento Information Exposure vulnerability Moderate
CVE-2025-24408 was published for magento/community-edition (Composer) Feb 11, 2025
Browsershot Improper Input Validation vulnerability Moderate
CVE-2024-21549 was published for spatie/browsershot (Composer) Dec 20, 2024
Moodle IDOR when accessing list of badge recipients Moderate
CVE-2024-48900 was published for moodle/moodle (Composer) Nov 13, 2024
Magento Open Source Information Exposure vulnerability Moderate
CVE-2024-45134 was published for magento/community-edition (Composer) Oct 10, 2024
MantisBT vulnerable to information disclosure with user profiles Moderate
CVE-2024-45792 was published for mantisbt/mantisbt (Composer) Sep 30, 2024
c-schmitz Credited to c-schmitz and dregad dregad dregad
Mautic allows users enumeration due to weak password login Moderate
CVE-2024-47059 was published for mautic/core (Composer) Sep 18, 2024
tomekkowalczyk Credited to tomekkowalczyk, patrykgruszka, escopecz, and rafibz007 patrykgruszka patrykgruszka
escopecz escopecz rafibz007 rafibz007
Pimcore vulnerable to disclosure of system and database information behind /admin firewall Moderate
CVE-2024-41109 was published for pimcore/admin-ui-classic-bundle (Composer) Jul 30, 2024
mysliwietzflorian Credited to mysliwietzflorian
Silverstripe Reports are still accessible even when `canView()` returns false Moderate
CVE-2024-29885 was published for silverstripe/reports (Composer) Jul 17, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database