Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,670
Maven
5,000+
npm
4,296
NuGet
760
pip
4,075
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

5,030 advisories

Loading
Snipe-IT has Cross-site Scripting vulnerability in CSV import workflow Moderate
CVE-2025-64027 was published for snipe/snipe-it (Composer) Nov 20, 2025
phppgadmin contains a SQL injection vulnerability Moderate
CVE-2025-60798 was published for phppgadmin/phppgadmin (Composer) Nov 20, 2025
phppgadmin contains an incorrect access control vulnerability Moderate
CVE-2025-60799 was published for phppgadmin/phppgadmin (Composer) Nov 20, 2025
phppgadmin vulnerable to Cross-site Scripting Low
CVE-2025-60796 was published for phppgadmin/phppgadmin (Composer) Nov 20, 2025
phppgadmin contains a SQL injection vulnerability Moderate
CVE-2025-60797 was published for phppgadmin/phppgadmin (Composer) Nov 20, 2025
OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter High
CVE-2025-65103 was published for devcode-it/openstamanager (Composer) Nov 19, 2025
XY20130630
Credited to XY20130630
MongoDB driver extension affected by mongoc_bulk_operation_t's read of invalid memory Moderate
CVE-2025-12119 was published for mongodb/mongodb-extension (Composer) Nov 19, 2025
LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint Moderate
CVE-2025-65093 was published for librenms/librenms (Composer) Nov 18, 2025
marcelomulder
Credited to marcelomulder
Backdrop CMS Host Header Injection vulnerability Moderate
CVE-2025-63828 was published for backdrop/backdrop (Composer) Nov 18, 2025
Drupal core allows Forceful Browsing Low
CVE-2025-13080 was published for drupal/core (Composer) Nov 18, 2025
Drupal core allows Object Injection Moderate
CVE-2025-13081 was published for drupal/core (Composer) Nov 18, 2025
Drupal core allows Content Spoofing Low
CVE-2025-13082 was published for drupal/core (Composer) Nov 18, 2025
Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels Low
CVE-2025-13083 was published for drupal/core (Composer) Nov 18, 2025
Drupal Email TFA allows Functionality Bypass Moderate
CVE-2025-12760 was published for drupal/email_tfa (Composer) Nov 18, 2025
Drupal Simple multi step form allows Cross-Site Scripting Low
CVE-2025-12761 was published for drupal/simple_multistep (Composer) Nov 18, 2025
LibreNMS has Weak Password Policy Low
CVE-2025-65014 was published for librenms/librenms (Composer) Nov 18, 2025
marcelomulder
Credited to marcelomulder
LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name` Moderate
CVE-2025-65013 was published for librenms/librenms (Composer) Nov 18, 2025
marcelomulder
Credited to marcelomulder
Kirby CMS has cross-site scripting (XSS) in the changes dialog Moderate
CVE-2025-65012 was published for getkirby/cms (Composer) Nov 18, 2025
phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality High
CVE-2025-62519 was published for phpmyfaq/phpmyfaq (Composer) Nov 17, 2025
XY20130630
Credited to XY20130630
Shopware 6's password recovery link does not expire after email change Moderate
GHSA-2w46-vq8h-98vh was published for shopware/core (Composer) Nov 14, 2025
FlorianKe
Credited to FlorianKe
PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users Low
CVE-2025-64711 was published for privatebin/privatebin (Composer) Nov 14, 2025
esnard rugk
Ribas160
Credited to esnard, rugk, and Ribas160
PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal Moderate
CVE-2025-64714 was published for privatebin/privatebin (Composer) Nov 14, 2025
esnard elrido
rugk
Credited to esnard, elrido, and rugk
Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass High
CVE-2025-64500 was published for symfony/http-foundation (Composer) Nov 12, 2025
cs278 nicolas-grekas
Credited to cs278 and nicolas-grekas
TYPO3 Modules Extension has Improper Authentication vulnerability High
CVE-2025-12998 was published for codingms/modules (Composer) Nov 12, 2025
TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter High
CVE-2025-64519 was published for torrentpier/torrentpier (Composer) Nov 10, 2025
XY20130630
Credited to XY20130630
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database