GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
137 advisories
TYPO3 CMS Allows Broken Access Control in Edit Document Controller
Moderate | CVE-2025-59020 was published for typo3/cms-backend (Composer) | Jan 13, 2026

Kirby is missing permission checks in the content changes API
Moderate | CVE-2026-21896 was published for getkirby/cms (Composer) | Jan 8, 2026

Auth0 WordPress has Improper Audience Validation via Auth0-PHP SDK Dependency
Moderate | GHSA-vvg7-8rmq-92g7 was published for auth0/wordpress (Composer) | Dec 17, 2025

Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK
Moderate | GHSA-f3r2-88mq-9v4g was published for auth0/symfony (Composer) | Dec 17, 2025

Auth0 Laravel SDK has Improper Audience Validation via Auth0-PHP SDK dependency
Moderate | GHSA-7hh9-gp72-wh7h was published for auth0/login (Composer) | Dec 17, 2025

Auth0-PHP SDK has Improper Audience Validation
Moderate | CVE-2025-68129 was published for auth0/auth0-php (Composer) | Dec 17, 2025

Drupal CivicTheme Design System allows Forceful Browsing
High | CVE-2025-12082 was published for drupal/civictheme (Composer) | Oct 30, 2025

Moodle sends quiz-related messages to inactive/suspended users
Moderate | CVE-2025-62394 was published for moodle/moodle (Composer) | Oct 23, 2025

Shopware vulnerable to MediaVisibilityRestrictionSubscriber bypass when reading media entities by aggregating fields individually
Moderate | GHSA-m895-2hj3-8cg9 was published for shopware/core (Composer) | Oct 21, 2025

Magento allows incorrect authorization
Moderate | CVE-2025-54265 was published for magento/community-edition (Composer) | Oct 14, 2025

Magento provides incorrect authorization through a security feature bypass
High | CVE-2025-54263 was published for magento/community-edition (Composer) | Oct 14, 2025

Magento vulnerable to privilege escalation due to incorrect authorization
Moderate | CVE-2025-54267 was published for magento/community-edition (Composer) | Oct 14, 2025

Magento has incorrect authorization issue that leads to arbitrary file system read
High | CVE-2025-49556 was published for magento/community-edition (Composer) | Aug 12, 2025

Magento Security feature bypass
Moderate | CVE-2025-49550 was published for magento/community-edition (Composer) | Jun 26, 2025

Magento Authenticated Security feature bypass
Low | CVE-2025-49549 was published for magento/community-edition (Composer) | Jun 26, 2025

Drupal Commerce Eurobank (Redirect) Incorrect Authorization vulnerability
High | CVE-2025-48445 was published for drupal/commerce_eurobank_redirect (Composer) | Jun 11, 2025

Drupal Commerce Alphabank Redirect Incorrect Authorization vulnerability
High | CVE-2025-48446 was published for drupal/commerce_alphabank_redirect (Composer) | Jun 11, 2025

TYPO3 Allows Information Disclosure via DBAL Restriction Handling
Low | CVE-2025-47937 was published for typo3/cms-core (Composer) | May 20, 2025

Moodle allows IDOR when accessing the cohorts report
Moderate | CVE-2025-3647 was published for moodle/moodle (Composer) | Apr 25, 2025

Moodle has an IDOR in messaging web service which allows access to some user details
Moderate | CVE-2025-3645 was published for moodle/moodle (Composer) | Apr 25, 2025

Moodle's AJAX section delete does not respect course_can_delete_section()
Moderate | CVE-2025-3644 was published for moodle/moodle (Composer) | Apr 25, 2025

Magento Improper Authorization vulnerability
Moderate | CVE-2025-27188 was published for magento/community-edition (Composer) | Apr 8, 2025

GraphQL query operations security can be bypassed
High | CVE-2025-31481 was published for api-platform/core (Composer) | Apr 4, 2025

Drupal Two-factor Authentication (TFA) Vulnerable to Forceful Browsing
High | CVE-2025-31694 was published for drupal/tfa (Composer) | Apr 1, 2025

Drupal Core Vulnerable to Forceful Browsing
Moderate | CVE-2025-31673 was published for drupal/core (Composer) | Apr 1, 2025
ProTip! Advisories are also available from the GraphQL API.