Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,811
Erlang
36
GitHub Actions
32
Go
2,396
Maven
5,000+
npm
4,033
NuGet
721
pip
3,824
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,811 advisories

Loading
HAX CMS API Lacks Authorization Checks High
CVE-2025-54378 was published for @haxtheweb/haxcms-nodejs (Composer) Jul 25, 2025
lfgberg
simogeo/filemanager arbitrary file upload vulnerability Critical
CVE-2025-46001 was published for simogeo/filemanager (Composer) Jul 18, 2025
HAX CMS application pages vulnerable to clickjacking Moderate
CVE-2025-54139 was published for @haxtheweb/haxcms-nodejs (Composer) Jul 21, 2025
lfgberg odransfield
LibreNMS has Authenticated Remote File Inclusion in ajax_form.php that Allows RCE High
CVE-2025-54138 was published for librenms/librenms (Composer) Jul 21, 2025
skraft9
nova-tiptap has Unauthenticated Arbitrary File Upload Vulnerability Critical
CVE-2025-54082 was published for manogi/nova-tiptap (Composer) Jul 21, 2025
vintagesucks
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
Femanager extension for TYPO3 allows Insecure Direct Object Reference Moderate
CVE-2025-7900 was published for in2code/femanager (Composer) Jul 22, 2025
Powermail extension for TYPO3 allows Insecure Direct Object Reference Moderate
CVE-2025-7899 was published for in2code/powermail (Composer) Jul 22, 2025
Dolibarr has Remote Code Execution Vulnerability (Bypass) High
GHSA-49xw-hw94-fmv2 was published for dolibarr/dolibarr (Composer) Jul 21, 2025
wh0amitz
Filemanager is vulnerable to Relative Path Traversal through filemanager.php Moderate
CVE-2025-46002 was published for simogeo/filemanager (Composer) Jul 18, 2025
Livewire is vulnerable to remote command execution during component property update hydration Critical
CVE-2025-54068 was published for livewire/livewire (Composer) Jul 17, 2025
Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI High
CVE-2024-52293 was published for craftcms/cms (Composer) Nov 13, 2024
rewhile
Craft CMS vulnerable to Remote Code Execution via validatePath bypass High
CVE-2023-40035 was published for craftcms/cms (Composer) Aug 21, 2023
awakerrday
LaRecipe is vulnerable to Server-Side Template Injection attacks Critical
CVE-2025-53833 was published for binarytorch/larecipe (Composer) Jul 14, 2025
MODX Revolution vulnerable to XSS attack through its User Photo field Moderate
CVE-2018-20755 was published for modx/revolution (Composer) May 14, 2022
MODX Revolution allows XSS via document resources Moderate
CVE-2018-20756 was published for modx/revolution (Composer) May 14, 2022
MODX Revolution allows XSS through extended user fields Moderate
CVE-2018-20757 was published for modx/revolution (Composer) May 14, 2022
phpThumb is vulnerable to Command Injection through its gif_outputAsJpeg function Moderate
CVE-2025-52994 was published for james-heinrich/phpthumb (Composer) Jul 11, 2025
MODX vulnerability allows for XSS via user settings parameters Moderate
CVE-2018-20758 was published for modx/revolution (Composer) May 13, 2022
JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing Import Page component Low
CVE-2025-6735 was published for juzaweb/cms (Composer) Jun 27, 2025
JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing certain components Low
CVE-2025-6736 was published for juzaweb/cms (Composer) Jun 27, 2025
DynamicPageList3 vulnerability exposes hidden/suppressed usernames High
CVE-2025-53625 was published for universal-omega/dynamic-page-list3 (Composer) Jul 10, 2025
Markus-Rost Universal-Omega
protobuf susceptible to buffer overflow High
CVE-2015-5237 was published for Google.Protobuf (Composer) May 13, 2022
Microweber vulnerable to XSS attack due to insure `group` component in its Settings handler Low
CVE-2025-2214 was published for microweber/microweber (Composer) Mar 12, 2025
NULL Pointer Dereference in Protocol Buffers High
CVE-2021-22570 was published for Google.Protobuf (Composer) Jan 27, 2022
joshbressers
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database