Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,948
Maven
5,000+
npm
5,000+
NuGet
969
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,383
Swift
56
Unreviewed advisories
All unreviewed
5,000+

4 advisories

Loading
Craft CMS: Authorized asset "preview file" requests bypass allows users without asset access to retrieve private preview metadata Low
GHSA-44px-qjjc-xrhq was published for craftcms/cms (Composer) Mar 26, 2026
GCXWLP Credited to GCXWLP
Craft CMS may expose private assets through anonymous "generate transform" calls via transform URL Low
CVE-2026-33160 was published for craftcms/cms (Composer) Mar 24, 2026
GCXWLP Credited to GCXWLP
Skuul School Management System has an Insecure Direct Object Reference (IDOR) Vulnerability in View Fee Invoice Low
CVE-2025-12918 was published for yungifez/skuul (Composer) Nov 9, 2025
Economizzer Insecure Direct Object Reference vulnerability Low
CVE-2023-38872 was published for gugoan/economizzer (Composer) Sep 28, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database