GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
543 advisories
Known affected by Account Takeover via Password Reset Token Leakage
Critical
CVE-2026-26273
was published
for
idno/known
(Composer)
Feb 13, 2026
OpenSTAManager has an OS Command Injection in P7M File Processing
Critical
CVE-2025-69212
was published
for
devcode-it/openstamanager
(Composer)
Feb 6, 2026
CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor
Critical
CVE-2026-25510
was published
for
ci4-cms-erp/ci4ms
(Composer)
Feb 2, 2026
Laravel Redis Horizontal Scaling Insecure Deserialization
Critical
CVE-2026-23524
was published
for
laravel/reverb
(Composer)
Jan 21, 2026
Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization
Critical
CVE-2025-49113
was published
for
roundcube/roundcubemail
(Composer)
Jun 2, 2025
Neuron MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”)
Critical
CVE-2025-67510
was published
for
neuron-core/neuron-ai
(Composer)
Dec 9, 2025
SAML PHP Toolkit Vulnerability on xmlseclibs CVE-2025-66475
Critical
GHSA-5j8p-438x-rgg5
was published
for
onelogin/php-saml
(Composer)
Dec 9, 2025
Mautic user without privileged access to the Marketplace can install and uninstall composer packages
Critical
CVE-2025-13828
was published
for
mautic/core
(Composer)
Dec 2, 2025
ProTip!
Advisories are also available from the
GraphQL API