Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

15 advisories

Loading
Moodle denial-of-service risk in the draft files area High
CVE-2021-32476 was published for moodle/moodle (Composer) Mar 12, 2022
DDOS attack on graphql endpoints High
CVE-2023-28104 was published for silverstripe/graphql (Composer) Mar 16, 2023
GuySartorelli Credited to GuySartorelli
Uncontrolled Resource Consumption in moodle High
CVE-2024-25978 was published for moodle/moodle (Composer) Feb 19, 2024
amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames High
GHSA-w8gf-g2vq-j2f4 was published for amphp/http-client (Composer) Apr 3, 2024
bartekn Credited to bartekn
TYPO3 Denial of Service in Frontend Record Registration High
GHSA-hjx5-v9xg-7h25 was published for typo3/cms-core (Composer) May 30, 2024
Flooding Server with Thumbnail files High
CVE-2024-32871 was published for pimcore/pimcore (Composer) Jun 4, 2024
jheimbach Credited to jheimbach and dandanx dandanx dandanx
TYPO3 Denial of Service in Frontend Record Registration High
GHSA-g585-crjf-vhwq was published for typo3/cms (Composer) Jun 7, 2024
Drupal Admin Audit Trail Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2025-48448 was published for drupal/admin_audit_trail (Composer) Jun 11, 2025
PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking High
GHSA-fqqv-56h5-f57g was published for pocketmine/pocketmine-mp (Composer) Sep 2, 2025
Zwuiix-cmd Credited to Zwuiix-cmd and dktapps dktapps dktapps
Unauthenticated Craft CMS users can trigger a database backup High
CVE-2025-68456 was published for craftcms/cms (Composer) Jan 5, 2026
h4x0r-dz Credited to h4x0r-dz
offset Credited to offset
PocketMine-MP: JSON decoding of unlimited size large arrays/objects in ModalFormResponse Handling High
GHSA-788v-5pfp-93ff was published for pocketmine/pocketmine-mp (Composer) Apr 6, 2026
Zwuiix-cmd Credited to Zwuiix-cmd and dktapps dktapps dktapps
PhpSpreadsheet has CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader High
CVE-2026-40863 was published for phpoffice/phpspreadsheet (Composer) Apr 29, 2026
offset Credited to offset
PhpSpreadsheet has CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions High
CVE-2026-40902 was published for phpoffice/phpspreadsheet (Composer) Apr 29, 2026
offset Credited to offset
PHP JWT Library: PBES2-HS*+A*KW unwrap accepts an unbounded p2c iteration count, enabling CPU-amplification denial of service High
GHSA-3prj-6hqw-cm82 was published for web-token/jwt-framework (Composer) Jun 18, 2026
ProTip! Advisories are also available from the GraphQL API