GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,714
Erlang
34
GitHub Actions
28
Go
2,300
Maven
5,000+
npm
3,942
NuGet
708
pip
3,711
Pub
12
RubyGems
920
Rust
960
Swift
38
Unreviewed advisories
All unreviewed
5,000+
500 advisories
Filter by severity
The Front End User Registration extension for TYPO3 (sr_feuser_register) Remote Code Execution
Critical
CVE-2025-48200
was published
for
sjbr/sr-feuser-register
(Composer)
May 21, 2025
laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Critical
GHSA-9fwj-9mjf-rhj3
was published
for
auth0/login
(Composer)
May 17, 2025
Auth0 Wordpress plugin Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Critical
GHSA-2f4r-34m4-3w8q
was published
for
auth0/wordpress
(Composer)
May 17, 2025
Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Critical
GHSA-9wg9-93h9-j8ch
was published
for
auth0/symfony
(Composer)
May 17, 2025
Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK
Critical
CVE-2025-47275
was published
for
auth0/auth0-php
(Composer)
May 16, 2025
SQL injection in ADOdb PostgreSQL driver pg_insert_id() method
Critical
CVE-2025-46337
was published
for
adodb/adodb-php
(Composer)
May 1, 2025
ShowDoc unrestricted file upload vulnerability
Critical
CVE-2025-0520
was published
for
showdoc/showdoc
(Composer)
Apr 29, 2025
YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download
Critical
CVE-2025-46348
was published
for
yeswiki/yeswiki
(Composer)
Apr 29, 2025
Craft CMS Allows Remote Code Execution
Critical
CVE-2025-32432
was published
for
craftcms/cms
(Composer)
Apr 25, 2025
DevDojo Voyager Argument Injection vulnerability
Critical
CVE-2025-32931
was published
for
tcg/voyager
(Composer)
Apr 14, 2025
yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key
Critical
CVE-2024-58136
was published
for
yiisoft/yii2
(Composer)
Apr 10, 2025
Volt Allows RCE Via User-Crafted Requests
Critical
CVE-2025-27517
was published
for
livewire/volt
(Composer)
Mar 5, 2025
Mautic allows Remote Code Execution and File Deletion in Asset Uploads
Critical
CVE-2024-47051
was published
for
mautic/core
(Composer)
Feb 26, 2025
Easy!Appointments Improper Restriction of Excessive Authentication Attempts
Critical
CVE-2024-57602
was published
for
alextselegidis/easyappointments
(Composer)
Feb 13, 2025
Crayfish Allows Remote Code Execution via hypercube X-Islandora-Args Header
Critical
GHSA-c2p2-hgjg-9r3f
was published
for
islandora/crayfish
(Composer)
Feb 12, 2025
Improper Authorization vulnerability in Magento and Adobe Commerce
Critical
CVE-2025-24434
was published
for
magento/community-edition
(Composer)
Feb 11, 2025
Multiple rtmpdump vulnerabilities
Critical
GHSA-vrpv-vw92-328g
was published
for
rudloff/rtmpdump-bin
(Composer)
Feb 6, 2025
Crayfish allows Remote Code Execution via Homarus Authorization header
Critical
CVE-2025-25286
was published
for
islandora/crayfish
(Composer)
Jan 15, 2025
TeamPass privileges issue
Critical
CVE-2024-50703
was published
for
nilsteampassnet/teampass
(Composer)
Dec 30, 2024
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled
Critical
CVE-2024-56145
was published
for
craftcms/cms
(Composer)
Dec 18, 2024
LibreNMS has an Authenticated OS Command Injection
Critical
CVE-2024-51092
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
Improper Restriction of XML External Entity Reference in dompdf/dompdf
Critical
CVE-2021-3902
was published
for
dompdf/dompdf
(Composer)
Nov 15, 2024
Deserialization of Untrusted Data in dompdf/dompdf
Critical
CVE-2021-3838
was published
for
dompdf/dompdf
(Composer)
Nov 15, 2024
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
Critical
CVE-2024-47186
was published
for
filament/infolists
(Composer)
Sep 27, 2024
ThinkPHP deserialization vulnerability
Critical
CVE-2024-44902
was published
for
topthink/framework
(Composer)
Sep 9, 2024
ProTip!
Advisories are also available from the
GraphQL API