Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

1,440 advisories

Loading
AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy High
CVE-2026-33039 was published for wwbn/avideo (Composer) Mar 17, 2026
bugbunny-research Credited to bugbunny-research
AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS High
CVE-2026-33043 was published for wwbn/avideo (Composer) Mar 17, 2026
offensiveee Credited to offensiveee
AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments High
CVE-2026-33038 was published for wwbn/avideo (Composer) Mar 17, 2026
bugbunny-research Credited to bugbunny-research
Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw() High
CVE-2026-31891 was published for cockpit-hq/cockpit (Composer) Mar 17, 2026
ffasterss Credited to ffasterss
Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken() High
CVE-2026-32267 was published for craftcms/cms (Composer) Mar 16, 2026
Shopware: Unauthenticated data extraction possible through store-api.order endpoint High
CVE-2026-31887 was published for shopware/core (Composer) Mar 11, 2026
mromeike Credited to mromeike, ab-pknollmann, and janschoepke ab-pknollmann ab-pknollmann
janschoepke janschoepke
simplesamlphp/xml-security: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption High
CVE-2026-32600 was published for simplesamlphp/xml-security (Composer) Mar 13, 2026
Sideni Credited to Sideni and tvdijen tvdijen tvdijen
xmlseclibs: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption High
CVE-2026-32313 was published for robrichards/xmlseclibs (Composer) Mar 13, 2026
Sideni Credited to Sideni
Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter) High
CVE-2026-32813 was published for admidio/admidio (Composer) Mar 16, 2026
restriction Credited to restriction
Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController High
CVE-2026-32264 was published for craftcms/cms (Composer) Mar 16, 2026
Craft CMS vulnerable to behavior injection RCE via EntryTypesController High
CVE-2026-32263 was published for craftcms/cms (Composer) Mar 16, 2026
q1uf3ng Credited to q1uf3ng
RCE via SSTI for users with permissions to access the Craft CMS Webhooks plugin High
CVE-2026-32261 was published for craftcms/webhooks (Composer) Mar 16, 2026
Neosprings Credited to Neosprings
File Upload(RCE) Vulnerability in admidio High
CVE-2026-32756 was published for admidio/admidio (Composer) Mar 16, 2026
arrester Credited to arrester
Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability High
CVE-2026-32268 was published for craftcms/azure-blob (Composer) Mar 16, 2026
Neosprings Credited to Neosprings
Uncontrolled Resource Consumption in moodle High
CVE-2024-25978 was published for moodle/moodle (Composer) Feb 19, 2024
Cross-Site Request Forgery in moodle High
CVE-2024-25982 was published for moodle/moodle (Composer) Feb 19, 2024
October CMS Cross-site Scripting vulnerability High
CVE-2023-25365 was published for october/october (Composer) Feb 9, 2024
Shopware vulnerable to a potential take over of app credentials High
CVE-2026-31889 was published for shopware/core (Composer) Mar 11, 2026
LimeSurvey is vulnerable to SQL injection High
CVE-2025-56421 was published for limesurvey/limesurvey (Composer) Mar 10, 2026
CraftCMS's `ElementSearchController` Affected by Blind SQL Injection High
CVE-2026-31858 was published for craftcms/cms (Composer) Mar 11, 2026
Neosprings Credited to Neosprings
CraftCMS has an RCE vulnerability via relational conditionals in the control panel High
CVE-2026-31857 was published for craftcms/cms (Composer) Mar 11, 2026
Neosprings Credited to Neosprings
Sylius has a Promotion Usage Limit Bypass via Race Condition High
CVE-2026-31824 was published for sylius/sylius (Composer) Mar 11, 2026
whiteov3rflow Credited to whiteov3rflow and bnBart bnBart bnBart
Sylius affected by IDOR in Cart and Checkout LiveComponents High
CVE-2026-31820 was published for sylius/sylius (Composer) Mar 11, 2026
p- Credited to p- and m-y-mo m-y-mo m-y-mo
Craft Commerce has multiple Stored XSS in Commerce Inventory Page, Leading to Session Hijacking High
CVE-2026-29175 was published for craftcms/commerce (Composer) Mar 10, 2026
mHe4am Credited to mHe4am
Craft Commerce is Vulnerable to SQL Injection in Commerce Purchasables Table Sorting High
CVE-2026-29172 was published for craftcms/commerce (Composer) Mar 10, 2026
mHe4am Credited to mHe4am
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database