GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,908 advisories
PrestaShop Checkout allows customer account takeover via email
Critical
CVE-2025-61922
was published
for
prestashop/ps_checkout
(Composer)
Oct 16, 2025
bagisto has Cross Site Scripting (XSS) in Create New Customer
Moderate
CVE-2025-62414
was published
for
bagisto/bagisto
(Composer)
Oct 16, 2025
bagisto has a Cross Site Scripting (XSS) vulnerability in TinyMCE Image Upload (SVG)
Moderate
CVE-2025-62418
was published
for
bagisto/bagisto
(Composer)
Oct 16, 2025
bagisto has Server Side Template Injection (SSTI) in Product Description
Moderate
CVE-2025-62416
was published
for
bagisto/bagisto
(Composer)
Oct 16, 2025
bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)
Moderate
CVE-2025-62415
was published
for
bagisto/bagisto
(Composer)
Oct 16, 2025
bagisto has CSV Formula Injection in Create New Product
Critical
CVE-2025-62417
was published
for
bagisto/bagisto
(Composer)
Oct 16, 2025
Mautic allows Relative Path Traversal in assets file upload
Moderate
CVE-2022-25773
was published
for
mautic/core
(Composer)
Feb 26, 2025
Mautic allows Improper Authorization in Reporting API
High
CVE-2024-47053
was published
for
mautic/core
(Composer)
Feb 26, 2025
Mautic allows Remote Code Execution and File Deletion in Asset Uploads
Critical
CVE-2024-47051
was published
for
mautic/core
(Composer)
Feb 26, 2025
LibreNMS alert-rules has a Cross-Site Scripting Vulnerability
Low
CVE-2025-62412
was published
for
librenms/librenms
(Composer)
Oct 16, 2025
PrestaShop Checkout Target PayPal merchant account hijacking from backoffice
Low
CVE-2025-61924
was published
for
prestashop/ps_checkout
(Composer)
Oct 16, 2025
PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure
Moderate
CVE-2025-61923
was published
for
prestashop/ps_checkout
(Composer)
Oct 16, 2025
LibreNMS has a Stored XSS vulnerability in its Alert Transport name field
Moderate
CVE-2025-62411
was published
for
librenms/librenms
(Composer)
Oct 16, 2025
Alt Redirect: Potential Authentication Bypass by Spoofing through query-string stripping logic flaw
Moderate
CVE-2025-60868
was published
for
alt-design/alt-redirect
(Composer)
Oct 10, 2025
LibreNMS is vulnerable to Reflected-XSS in `report_this` function
Moderate
CVE-2025-62365
was published
for
librenms/librenms
(Composer)
Oct 13, 2025
Kimai API returns timesheet entries a user should not be authorized to view
Moderate
CVE-2024-29200
was published
for
kimai/kimai
(Composer)
Mar 29, 2024
phpMyFAQ duplicate email registration allows multiple accounts with the same email
High
CVE-2025-59943
was published
for
thorsten/phpmyfaq
(Composer)
Oct 3, 2025
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6531
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API