Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,354 advisories

Loading
Pimcore Admin Classic Bundle allows user enumeration Moderate
CVE-2025-24980 was published for pimcore/admin-ui-classic-bundle (Composer) Feb 7, 2025
Ayman-Rayan
The wp-enable-svg WordPress plugin does not sanitize SVG files when uploaded Moderate
CVE-2024-11184 was published for mwdelaney/wp-enable-svg (Composer) Jan 2, 2025
Rudloff
Connect-CMS information that is restricted to viewing is visible High
GHSA-2237-5r9w-vm8j was published for opensource-workshop/connect-cms (Composer) Feb 7, 2025
Connect-CMS Access control vulnerability Moderate
GHSA-5rjc-jc28-cwgg was published for opensource-workshop/connect-cms (Composer) Feb 7, 2025
Code Injection in PHPUnit Critical
CVE-2017-9841 was published for phpunit/phpunit (Composer) Mar 26, 2022
donatj
Connect-CMS Privilege Escalation Vulnerability Moderate
GHSA-qxh3-jgvh-x55j was published for opensource-workshop/connect-cms (Composer) Jul 5, 2023
Withdrawn Advisory: Sylius allows unrestricted brute-force attacks on user accounts Moderate
CVE-2024-57610 was published for sylius/sylius (Composer) Feb 6, 2025 withdrawn
GSadee
php-svg-lib lacks path validation on font through SVG inline styles Moderate
CVE-2024-25117 was published for phenx/php-svg-lib (Composer) Feb 21, 2024
DevDojo Voyager Arbitrary File Write Moderate
CVE-2024-55417 was published for tcg/voyager (Composer) Jan 30, 2025
Multiple rtmpdump vulnerabilities Critical
GHSA-vrpv-vw92-328g was published for rudloff/rtmpdump-bin (Composer) Feb 6, 2025
Browsershot Local File Inclusion Moderate
CVE-2025-1026 was published for spatie/browsershot (Composer) Feb 5, 2025
Cockpit Arbitrary File Upload High
CVE-2025-1025 was published for cockpit-hq/cockpit (Composer) Feb 5, 2025
Browsershot Path Traversal High
CVE-2025-1022 was published for spatie/browsershot (Composer) Feb 5, 2025
Shopware vulnerable to cross-site scripting (XSS) Moderate
CVE-2022-48150 was published for shopware/shopware (Composer) Apr 21, 2023
Browsershot Improper Input Validation vulnerability Moderate
CVE-2024-21549 was published for spatie/browsershot (Composer) Dec 20, 2024
Browsershot Local File Inclusion Moderate
CVE-2024-21544 was published for spatie/browsershot (Composer) Dec 13, 2024
PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters Moderate
CVE-2025-23210 was published for phpoffice/phpspreadsheet (Composer) Feb 3, 2025
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11023 was published for components/jquery (RubyGems) Apr 29, 2020
masatokinugawa klaudialax
Rudloff
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11022 was published for athlon1600/youtube-downloader (RubyGems) Apr 29, 2020
masatokinugawa Churro
Rudloff
Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6484 was published for bootstrap (RubyGems) Jul 11, 2024
metametadata
Missing rate limit for password resets Moderate
CVE-2023-28821 was published for concrete5/concrete5 (Composer) Apr 28, 2023
phpMyFAQ Improper Access Control vulnerability Moderate
CVE-2023-2429 was published for thorsten/phpmyfaq (Composer) Apr 30, 2023
phpMyFAQ vulnerable to Stored Cross-site Scripting Moderate
CVE-2023-2428 was published for thorsten/phpmyfaq (Composer) Apr 30, 2023
DevDojo Voyager vulnerable to path traversal High
CVE-2024-55415 was published for tcg/voyager (Composer) Jan 30, 2025
DevDojo Voyager vulnerable to reflected Cross-site Scripting Low
CVE-2024-55416 was published for tcg/voyager (Composer) Jan 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database