GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,722
Erlang
35
GitHub Actions
29
Go
2,306
Maven
5,000+
npm
3,947
NuGet
711
pip
3,727
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+
2,689 advisories
Filter by severity
Drupal Core Vulnerable to Forceful Browsing
Moderate
CVE-2025-31673
was published
for
drupal/core
(Composer)
Apr 1, 2025
Drupal AI Missing Authorization vulnerability
Moderate
CVE-2025-31678
was published
for
drupal/ai
(Composer)
Apr 1, 2025
Drupal AI Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2025-31677
was published
for
drupal/ai
(Composer)
Apr 1, 2025
Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability
Moderate
CVE-2025-31674
was published
for
drupal/core
(Composer)
Apr 1, 2025
Drupal AI Vulnerable to OS Command Injection
Moderate
CVE-2025-31693
was published
for
drupal/ai
(Composer)
Apr 1, 2025
Drupal Ignition Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2025-31679
was published
for
drupal/ignition
(Composer)
Apr 1, 2025
Drupal Cache Utility Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2025-31690
was published
for
drupal/cache_utility
(Composer)
Apr 1, 2025
Drupal General Data Protection Regulation Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2025-31689
was published
for
drupal/gdpr
(Composer)
Apr 1, 2025
Drupal Google Tag Cross-Site Request Forgery (CSRF)
Moderate
CVE-2025-31683
was published
for
drupal/google_tag
(Composer)
Apr 1, 2025
Drupal Google Tag Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2025-31682
was published
for
drupal/google_tag
(Composer)
Apr 1, 2025
Drupal Open Social Missing Authorization vulnerability
Moderate
CVE-2025-31685
was published
for
goalgorilla/open_social
(Composer)
Apr 1, 2025
Drupal AI Vulnerable to OS Command Injection via Optional Automator Types
Moderate
CVE-2025-31692
was published
for
drupal/ai
(Composer)
Apr 1, 2025
Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages
Moderate
CVE-2025-3057
was published
for
drupal/core
(Composer)
Apr 1, 2025
Drupal Obfuscate Vulnerable to Stored Cross-Site Scripting (XSS)
Moderate
CVE-2025-3130
was published
for
drupal/obfuscate
(Composer)
Apr 3, 2025
Concrete CMS Vulnerable to Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS)
Moderate
CVE-2025-3153
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2025
API Platform Core can leak exceptions message that may contain sensitive information
Moderate
CVE-2023-47639
was published
for
api-platform/core
(Composer)
Apr 3, 2025
Shopware 6 allows attackers to check for registered accounts through the store-api
Moderate
CVE-2025-30150
was published
for
shopware/core
(Composer)
Apr 8, 2025
Shopware Broken ACL on Document retrieval to access other customers documents
Moderate
GHSA-68wv-g3fw-pq7q
was published
for
shopware/core
(Composer)
Apr 8, 2025
Joomla Framework Database Package Vulnerable to SQL Injection
Moderate
CVE-2025-25226
was published
for
joomla/database
(Composer)
Apr 8, 2025
Magento Improper Authorization vulnerability
Moderate
CVE-2025-27188
was published
for
magento/community-edition
(Composer)
Apr 8, 2025
wallabag/wallabag Has Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities
Moderate
GHSA-5pm7-cp8f-p2c2
was published
for
wallabag/wallabag
(Composer)
Apr 9, 2025
Silverstripe cross-site scripting (XSS) attack in elemental "Content blocks in use" report
Moderate
CVE-2025-25197
was published
for
dnadesign/silverstripe-elemental
(Composer)
Apr 10, 2025
Silverstripe Framework has a XSS vulnerability in HTML editor
Moderate
CVE-2025-30148
was published
for
silverstripe/framework
(Composer)
Apr 10, 2025
Silverstripe Framework user enumeration via timing attack on login and password reset forms
Moderate
GHSA-256q-hx8w-xcqx
was published
for
silverstripe/framework
(Composer)
Apr 10, 2025
Yii does not prevent XSS in scenarios where fallback error renderer is used
Moderate
CVE-2025-32027
was published
for
yiisoft/yii
(Composer)
Apr 11, 2025
ProTip!
Advisories are also available from the
GraphQL API