GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 86
GitHub Actions: 54
Go: 4,169
Maven: 5,000+
npm: 5,000+
NuGet: 1,019
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,421
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
418 advisories
Statamic CMS's incorrect authorization lets view-only users submit Live Preview content reserved for editors
Low, CVE-2026-54244 was published for statamic/cms (Composer), Jun 26, 2026

PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles
Low, CVE-2026-49358 was published for pontedilana/php-weasyprint (Composer), Jun 26, 2026

Aimeos Pagible CMS vulnerable to Server Side Request Forgery (SSRF) via DNS rebinding in admin proxy
Low, CVE-2026-49262 was published for aimeos/pagible (Composer), Jun 26, 2026

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file approveVersion()
Low, CVE-2026-8435 was published for concrete5/concrete5 (Composer), May 22, 2026

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple()
Low, CVE-2026-8434 was published for concrete5/concrete5 (Composer), May 22, 2026

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescan()
Low, CVE-2026-8433 was published for concrete5/concrete5 (Composer), May 22, 2026

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star()
Low, CVE-2026-8432 was published for concrete5/concrete5 (Composer), May 22, 2026

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder($id)
Low, CVE-2026-8427 was published for concrete5/concrete5 (Composer), May 22, 2026

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addFavoriteFolder($id)
Low, CVE-2026-8416 was published for concrete5/concrete5 (Composer), May 22, 2026

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder
Low, CVE-2026-8415 was published for concrete5/concrete5 (Composer), May 22, 2026

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/design
Low, CVE-2026-8413 was published for concrete5/concrete5 (Composer), May 22, 2026

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/event/duplicate
Low, CVE-2026-8414 was published for concrete5/concrete5 (Composer), May 22, 2026

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cache
Low, CVE-2026-8412 was published for concrete5/concrete5 (Composer), May 22, 2026

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete
Low, CVE-2026-8411 was published for concrete5/concrete5 (Composer), May 22, 2026

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete
Low, CVE-2026-8410 was published for concrete5/concrete5 (Composer), May 22, 2026

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/delete
Low, CVE-2026-8409 was published for concrete5/concrete5 (Composer), May 22, 2026

Concrete CMS: OAuth 2.0 Authorization-Code Handler Bypasses Account Status
Low, CVE-2026-7887 was published for concrete5/concrete5 (Composer), May 22, 2026

Concrete CMS is vulnerable to Stored XSS via external-link page cvName
Low, CVE-2026-8139 was published for concrete5/concrete5 (Composer), May 22, 2026

Concrete CMS's RSS Displayer block accepts a feed URL from any page editor and fetches it server-side without validation
Low, CVE-2026-7890 was published for concrete5/concrete5 (Composer), May 22, 2026

Concrete CMS is vulnerable to IDOR in AddMessage/UpdateMessage
Low, CVE-2026-7886 was published for concrete5/concrete5 (Composer), May 22, 2026

Concrete CMS is vulnerable to unauthorized file deletion
Low, CVE-2026-7882 was published for concrete5/concrete5 (Composer), May 22, 2026

Snipe-IT's S3 signature image retrieval lacks authorization before temporary URL
Low, CVE-2026-55542 was published for snipe/snipe-it (Composer), Jun 23, 2026

Snipe-IT has Improper Authorization in File Deletion (IDOR)
Low, CVE-2026-55519 was published for snipe/snipe-it (Composer), Jun 23, 2026

phpMyFAQ has Weak Cryptography - SHA1 for Password Hashing
Low, CVE-2026-48488 was published for phpmyfaq/phpmyfaq (Composer), Jun 23, 2026

symfony/ux-live-component: CSRF Protection Bypass — Accept Header is CORS-Safelisted
Low, CVE-2026-49215 was published for symfony/ux-live-component (Composer), Jun 19, 2026

ProTip! Advisories are also available from the GraphQL API