GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,721
Erlang
35
GitHub Actions
29
Go
2,306
Maven
5,000+
npm
3,946
NuGet
711
pip
3,723
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+
2,688 advisories
Filter by severity
Cross-site Scripting in Backdrop CMS
Moderate
CVE-2022-42097
was published
for
backdrop/backdrop
(Composer)
Nov 22, 2022
Browsershot version 3.57.3 vulnerable to improper input validation
Moderate
CVE-2022-43984
was published
for
spatie/browsershot
(Composer)
Nov 25, 2022
Browsershot vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2022-43983
was published
for
spatie/browsershot
(Composer)
Nov 25, 2022
Drupal Core Vulnerable to Forceful Browsing
Moderate
CVE-2025-31673
was published
for
drupal/core
(Composer)
Apr 1, 2025
Drupal AI Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2025-31677
was published
for
drupal/ai
(Composer)
Apr 1, 2025
Drupal AI Missing Authorization vulnerability
Moderate
CVE-2025-31678
was published
for
drupal/ai
(Composer)
Apr 1, 2025
Drupal Ignition Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2025-31679
was published
for
drupal/ignition
(Composer)
Apr 1, 2025
Drupal Google Tag Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2025-31682
was published
for
drupal/google_tag
(Composer)
Apr 1, 2025
Drupal Google Tag Cross-Site Request Forgery (CSRF)
Moderate
CVE-2025-31683
was published
for
drupal/google_tag
(Composer)
Apr 1, 2025
Drupal Open Social Missing Authorization vulnerability
Moderate
CVE-2025-31685
was published
for
goalgorilla/open_social
(Composer)
Apr 1, 2025
Drupal General Data Protection Regulation Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2025-31689
was published
for
drupal/gdpr
(Composer)
Apr 1, 2025
Drupal Cache Utility Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2025-31690
was published
for
drupal/cache_utility
(Composer)
Apr 1, 2025
Cross-site Scripting in librenms/librenms
Moderate
CVE-2022-3561
was published
for
librenms/librenms
(Composer)
Nov 20, 2022
Cross-site Scripting in Backdrop CMS
Moderate
CVE-2022-42096
was published
for
backdrop/backdrop
(Composer)
Nov 21, 2022
Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting
Moderate
CVE-2025-46549
was published
for
yeswiki/yeswiki
(Composer)
Apr 29, 2025
Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting
Moderate
CVE-2025-46550
was published
for
yeswiki/yeswiki
(Composer)
Apr 29, 2025
URL XSS vulnerability due to outdated jquery in CMS
Moderate
CVE-2022-38146
was published
for
silverstripe/admin
(Composer)
Nov 21, 2022
Moodle HTTP authorization header is preserved between "emulated redirects"
Moderate
CVE-2024-38275
was published
for
moodle/moodle
(Composer)
Jun 18, 2024
Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability
Moderate
CVE-2025-31674
was published
for
drupal/core
(Composer)
Apr 1, 2025
Magento Improper Authorization vulnerability
Moderate
CVE-2025-27188
was published
for
magento/community-edition
(Composer)
Apr 8, 2025
Froxlor vulnerable to Code Injection
Moderate
CVE-2022-3721
was published
for
froxlor/froxlor
(Composer)
Nov 4, 2022
Grokability Snipe-IT has incorrect authorization for accessing asset information
Moderate
CVE-2025-47226
was published
for
snipe/snipe-it
(Composer)
May 2, 2025
league/commonmark contains a XSS vulnerability in Attributes extension
Moderate
CVE-2025-46734
was published
for
league/commonmark
(Composer)
May 5, 2025
Showdoc Unauthenticated Access
Moderate
CVE-2018-19620
was published
for
showdoc/showdoc
(Composer)
May 13, 2022
Craft CMS stores arbitrary content provided by unauthenticated users in session files
Moderate
CVE-2025-35939
was published
for
craftcms/cms
(Composer)
May 8, 2025
ProTip!
Advisories are also available from the
GraphQL API