GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

5,155 advisories

Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows Moderate
CVE-2026-24739 was published for symfony/process (Composer) Jan 28, 2026
Credited to Seldaek and nicolas-grekas
EGroupware has SQL Injection in Nextmatch Filter Processing High
CVE-2026-22243 was published for egroupware/egroupware (Composer) Jan 28, 2026
Credited to lukasz-rybak
PHPUnit Vulnerable to Unsafe Deserialization in PHPT Code Coverage Handling High
CVE-2026-24765 was published for phpunit/phpunit (Composer) Jan 27, 2026
Credited to aqhmal and theseer
phpMyFAQ: Public API endpoints expose emails and invisible questions Moderate
CVE-2026-24422 was published for phpmyfaq/phpmyfaq (Composer) Jan 23, 2026
Credited to Brahim-Fouad
phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing) Moderate
CVE-2026-24421 was published for phpmyfaq/phpmyfaq (Composer) Jan 23, 2026
Credited to Brahim-Fouad
phpMyFAQ: Attachment download allowed without dlattachment right (broken access control) Moderate
CVE-2026-24420 was published for phpmyfaq/phpmyfaq (Composer) Jan 23, 2026
Credited to Brahim-Fouad
LavaLite CMS affected by a stored cross-site scripting vulnerability Moderate
CVE-2025-71177 was published for lavalite/cms (Composer) Jan 23, 2026
Moodle affected by a code injection vulnerability High
CVE-2025-67847 was published for moodle/moodle (Composer) Jan 23, 2026
Credited to asrar-mared and Seldaek
Freeform Craft Plugin CP UI (builder/integrations) has Stored Cross-Site Scripting (XSS) issue Low
GHSA-jp3q-wwp3-pwv9 was published for solspace/craft-freeform (Composer) Jan 22, 2026
Credited to Prav33N-Sec and kjmartens
CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier Moderate
CVE-2026-23959 was published for coreshop/core-shop (Composer) Jan 21, 2026
Credited to bypazs and PlyNatwara
mailqueue TYPO3 extension affected by Insecure Deserialization in QueueableFileTransport Moderate
CVE-2026-0895 was published for cpsit/typo3-mailqueue (Composer) Jan 21, 2026
Credited to eliashaeussler
Laravel Redis Horizontal Scaling Insecure Deserialization Critical
CVE-2026-23524 was published for laravel/reverb (Composer) Jan 21, 2026
Credited to m0h4mmad
Kimai has an Authenticated Server-Side Template Injection (SSTI) Moderate
CVE-2026-23626 was published for kimai/kimai (Composer) Jan 20, 2026
Credited to HUSEYNKHANLI
Pterodactyl improperly locks resources allowing raced queries to create more resources than allotted Moderate
CVE-2025-69198 was published for pterodactyl/panel (Composer) Jan 20, 2026
Credited to vsevolodmelnyk
MineAdmin improperly refreshes tokens Low
CVE-2026-1195 was published for mineadmin/mineadmin (Composer) Jan 20, 2026
CakePHP PaginatorHelper::limitControl() vulnerable to reflected cross-site-scripting Moderate
CVE-2026-23643 was published for cakephp/cakephp (Composer) Jan 16, 2026
Credited to phpcss-ankue and markstory
Livewire Filemanager does not restrict uploaded file types High
CVE-2025-14894 was published for livewire-filemanager/filemanager (Composer) Jan 16, 2026
solspace/craft-freeform Exposed to Known Axios Vulnerabilities via Precompiled Assets Low
GHSA-rwr8-xrpw-9qf5 was published for solspace/craft-freeform (Composer) Jan 15, 2026
solspace/craft-freeform Vulnerable to XSS in `PhpSpreadsheet` HTML Writer Due to Unsanitized Styling Data Low
GHSA-44jg-mv3h-wj6g was published for solspace/craft-freeform (Composer) Jan 15, 2026
Credited to riekusdn
solspace/craft-freeform Has a DoS Vulnerability Low
GHSA-58q2-9x27-h2jm was published for solspace/craft-freeform (Composer) Jan 15, 2026
Credited to LeonBatch
alextselegidis/easyappointments is Vulnerable to CSRF Protection Bypass High
CVE-2026-23622 was published for alextselegidis/easyappointments (Composer) Jan 15, 2026
Credited to faroukn and Stolichnayer
Aimeos contains a SQL injection vulnerability in the json api 'sort' parameter High
CVE-2021-47763 was published for aimeos/aimeos-laravel (Composer) Jan 15, 2026
Pimcore Web2Print Tools Bundle "Favourite Output Channel Configuration" Missing Function Level Authorization Moderate
CVE-2026-23496 was published for pimcore/web2print-tools-bundle (Composer) Jan 15, 2026
Credited to ytlamal
Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing Moderate
CVE-2026-23495 was published for pimcore/admin-ui-classic-bundle (Composer) Jan 15, 2026
Credited to ytlamal
Pimcore is Vulnerable to Broken Access Control: Missing Function Level Authorization on "Static Routes" Listing Moderate
CVE-2026-23494 was published for pimcore/pimcore (Composer) Jan 15, 2026
Credited to ytlamal