GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
33 advisories
Filter by severity
canto-saas-api: Authenticated API requests can be redirected via unencoded path variables
Moderate
CVE-2026-55374
was published
for
jleehr/canto-saas-api
(Composer)
Jun 19, 2026
SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch
Moderate
CVE-2026-47767
was published
for
symfony/runtime
(Composer)
Jun 9, 2026
ShowDoc has an Injection vulnerability
Moderate
CVE-2026-6982
was published
for
showdoc/showdoc
(Composer)
Apr 25, 2026
Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite
Moderate
CVE-2025-27794
was published
for
flarum/core
(Composer)
Mar 12, 2025
ImapEngine affected by command injection via the ID command parameters
Moderate
CVE-2026-2469
was published
for
directorytree/imapengine
(Composer)
Feb 14, 2026
Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling
Moderate
GHSA-595p-g7xc-c333
was published
for
algolia/algoliasearch-magento-2
(Composer)
Jan 14, 2026
Duplicate Advisory: Pimcore Authenticated Stored Cross-Site Scripting (XSS) Via Search Document
Moderate
GHSA-8m2r-x2m2-3wmw
was published
for
pimcore/pimcore
(Composer)
Jan 28, 2025
•
withdrawn
croogo Host header injection
Moderate
CVE-2024-29643
was published
for
croogo/croogo
(Composer)
Apr 21, 2025
phpMyAdmin vulnerable to Cross-site Scripting
Moderate
CVE-2016-5701
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
Leantime has Host Header Injection Vulnerability
Moderate
GHSA-99r5-84gr-59f6
was published
for
leantime/leantime
(Composer)
Feb 21, 2025
Moodle vulnerable to cache poisoning via injection into storage
Moderate
CVE-2024-43428
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Twig security issue where escaping was missing when using null coalesce operator
Moderate
CVE-2025-24374
was published
for
twig/twig
(Composer)
Jan 29, 2025
Duplicate Advisory: pimcore/customer-data-framework vulnerable to SQL Injection: Hibernate
Moderate
GHSA-8m8m-98c9-vw7q
was published
for
pimcore/customer-data-framework
(Composer)
Jan 28, 2025
•
withdrawn
Symfony allows changing the environment through a query
Moderate
CVE-2024-50340
was published
for
symfony/runtime
(Composer)
Nov 6, 2024
Contao affected by insert tag injection via canonical URL
Moderate
CVE-2024-45612
was published
for
contao/core-bundle
(Composer)
Sep 17, 2024
ZendFramework potential remote code execution in zend-mail via Sendmail adapter
Moderate
GHSA-gff2-p6vm-3p8g
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
ZendFramework Potential Proxy Injection Vulnerabilities
Moderate
GHSA-mg7h-9qfx-4r83
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension
Moderate
GHSA-g5vj-wj9x-4jg9
was published
for
symbiote/silverstripe-multivaluefield
(Composer)
May 29, 2024
SimpleSAMLphp Link Injection vulnerability
Moderate
GHSA-v858-922f-fj9v
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 28, 2024
Pusher Service Channel Authentication Bypass
Moderate
GHSA-7v7m-pcw5-h3cg
was published
for
pusher/pusher-php-server
(Composer)
May 20, 2024
SilverStripe CSV Excel Macro Injection
Moderate
CVE-2017-18049
was published
for
silverstripe/framework
(Composer)
May 14, 2022
Contao Insert tag injection in forms
Moderate
CVE-2020-25768
was published
for
contao/contao
(Composer)
Sep 24, 2020
Contao: Insufficient BBCode sanitizer
Moderate
CVE-2024-28234
was published
for
contao/comments-bundle
(Composer)
Apr 9, 2024
MediaWiki makeCollapsible allows applying event handler to any CSS selector
Moderate
CVE-2020-10960
was published
for
mediawiki/core
(Composer)
May 24, 2022
Magento 2 Community Edition Injection Vulnerability
Moderate
CVE-2019-7889
was published
for
magento/community-edition
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API