Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
764
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

146 advisories

Loading
Neuron MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”) Critical
CVE-2025-67510 was published for neuron-core/neuron-ai (Composer) Dec 9, 2025
siewer
Credited to siewer
Mautic user without privileged access to the Marketplace can install and uninstall composer packages Critical
CVE-2025-13828 was published for mautic/core (Composer) Dec 2, 2025
driskell escopecz
patrykgruszka
Credited to driskell, escopecz, and patrykgruszka
phppgadmin contains an incorrect access control vulnerability Moderate
CVE-2025-60799 was published for phppgadmin/phppgadmin (Composer) Nov 20, 2025
Magento improper access control vulnerability within Magento's Media Gallery Upload workflow Critical
CVE-2021-36036 was published for magento/community-edition (Composer) Sep 6, 2023
Moodle course access permissions are not properly checked in course_output_fragment_course_overview Moderate
CVE-2025-62393 was published for moodle/moodle (Composer) Oct 23, 2025
Magento Improper Access Control Leads to Privilege escalation Moderate
CVE-2024-39414 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Access Control leads to Security feature bypass Moderate
CVE-2025-27191 was published for magento/community-edition (Composer) Apr 8, 2025
Magento Improper Access Control leads to Security feature bypass Moderate
CVE-2025-27190 was published for magento/community-edition (Composer) Apr 8, 2025
Magento Improper Access Control leads to security feature bypass Moderate
CVE-2025-27206 was published for magento/community-edition (Composer) Jun 10, 2025
phpMyFAQ duplicate email registration allows multiple accounts with the same email High
CVE-2025-59943 was published for thorsten/phpmyfaq (Composer) Oct 3, 2025
halas98
Credited to halas98
Contao applies improper access control in the back end voters Moderate
CVE-2025-57758 was published for contao/contao (Composer) Aug 28, 2025
UnoPim has Broken Access Control High
CVE-2025-55741 was published for unopim/unopim (Composer) Aug 22, 2025
0xcharb
Credited to 0xcharb
Mautic segment cloning doesn't have a proper permission check Moderate
CVE-2024-47055 was published for mautic/core (Composer) May 28, 2025
abhisekmazumdar patrykgruszka
nick-vanpraet
Credited to abhisekmazumdar, patrykgruszka, and nick-vanpraet
Mautic's Predictable Page Indexing Might Lead to Sensitive Data Exposure Moderate
CVE-2025-5257 was published for mautic/core (Composer) May 28, 2025
The femanager TYPO3 extension allows Insecure Direct Object Reference Moderate
CVE-2025-48202 was published for in2code/femanager (Composer) May 21, 2025
TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz) Moderate
CVE-2022-47407 was published for fixpunkt/fp-masterquiz (Composer) Dec 14, 2022
MarkLee131
Credited to MarkLee131
Magento Improper Access Control vulnerability Moderate
CVE-2025-24436 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24437 was published for magento/community-edition (Composer) Feb 11, 2025
yag and pt_extbase extensions for TYPO3 allow remote attackers to bypass access restrictions High
CVE-2014-6289 was published for dl/yag (Composer) May 17, 2022
Moodle does not use the forceloginforprofiles setting for course-profiles access control Moderate
CVE-2011-4279 was published for moodle/moodle (Composer) May 13, 2022
Frontend User Registration extension for TYPO3 does not properly verify access rights High
CVE-2009-1264 was published for sjbr/sr-feuser-register (Composer) May 2, 2022
Joomla! allows attackers to access cached pages Moderate
CVE-2008-3226 was published for joomla/joomla-platform (Composer) May 1, 2022
Shopware Broken ACL on Document retrieval to access other customers documents Moderate
GHSA-68wv-g3fw-pq7q was published for shopware/core (Composer) Apr 8, 2025
TastyIgniter Has an Incorrect Access Control Vulnerability via `invoice()` Function High
CVE-2024-44313 was published for tastyigniter/tastyigniter (Composer) Mar 18, 2025
Magento Open Source allows Improper Access Control Moderate
CVE-2022-35689 was published for magento/community-edition (Composer) Oct 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database