Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,746
Maven
5,000+
npm
4,341
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

534 advisories

Loading
Ibexa User Bundle is missing password change validation Critical
CVE-2025-67719 was published for ibexa/user (Composer) Dec 10, 2025
Neuron MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”) Critical
CVE-2025-67510 was published for neuron-core/neuron-ai (Composer) Dec 9, 2025
siewer
Credited to siewer
SAML PHP Toolkit Vulnerability on xmlseclibs CVE-2025-66475 Critical
GHSA-5j8p-438x-rgg5 was published for onelogin/php-saml (Composer) Dec 9, 2025
d0ge
Credited to d0ge
Mautic user without privileged access to the Marketplace can install and uninstall composer packages Critical
CVE-2025-13828 was published for mautic/core (Composer) Dec 2, 2025
driskell escopecz
patrykgruszka
Credited to driskell, escopecz, and patrykgruszka
Magento executes code via the API File Option Upload Extension Critical
CVE-2021-36042 was published for magento/community-edition (Composer) May 24, 2022
Magento has a file extension restrictions bypass Critical
CVE-2021-36040 was published for magento/community-edition (Composer) May 24, 2022
Magento is affected by an improper input validation vulnerability while saving a customer's details Critical
CVE-2021-36025 was published for magento/community-edition (Composer) May 24, 2022
Magento has an XML Injection vulnerability Critical
CVE-2021-36028 was published for magento/community-edition (Composer) May 24, 2022
Magento XML Injection vulnerability in the Widgets Module Critical
CVE-2021-36033 was published for magento/community-edition (Composer) May 24, 2022
Magento XML Injection vulnerability in the Widgets Update Layout Critical
CVE-2021-36023 was published for magento/community-edition (Composer) Sep 6, 2023
Magento improper access control vulnerability within Magento's Media Gallery Upload workflow Critical
CVE-2021-36036 was published for magento/community-edition (Composer) Sep 6, 2023
Magento affected by remote code execution vulnerability in the CMS page scheduled update feature Critical
CVE-2021-36021 was published for magento/community-edition (Composer) Sep 6, 2023
ShowDoc unrestricted file upload vulnerability Critical
CVE-2025-0520 was published for showdoc/showdoc (Composer) Apr 29, 2025
WWBN AVideo Insufficient Entropy vulnerbaility Critical
CVE-2023-49599 was published for wwbn/avideo (Composer) Jan 10, 2024
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors() Critical
CVE-2020-13756 was published for sabberworm/php-css-parser (Composer) Mar 26, 2022
The ADOdb sqlite3 driver allows SQL injection Critical
CVE-2025-54119 was published for adodb/adodb-php (Composer) Aug 4, 2025
mrcnpp dregad
Credited to mrcnpp and dregad
Magento Community Edition Improper Input Validation vulnerability Critical
CVE-2025-54236 was published for magento/community-edition (Composer) Sep 9, 2025
RoadRunner is at risk of HTTP Request/Response Smuggling through vulnerable dependency Critical
CVE-2025-22871 was published for spiral/roadrunner (Composer) Apr 8, 2025
dt-thomas-durand
Credited to dt-thomas-durand
yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key Critical
CVE-2024-58136 was published for yiisoft/yii2 (Composer) Apr 10, 2025
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled Critical
CVE-2024-56145 was published for craftcms/cms (Composer) Dec 18, 2024
akues-an
Credited to akues-an
Magento improper input validation vulnerability Critical
CVE-2022-24086 was published for magento/community-edition (Composer) Feb 17, 2022
Unauthenticated remote code execution in Ignition Critical
CVE-2021-3129 was published for facade/ignition (Composer) Mar 29, 2021
Drupal Core Remote Code Execution Vulnerability Critical
CVE-2018-7602 was published for drupal/core (Composer) Apr 23, 2024
Remote code execution in PHPMailer Critical
CVE-2016-10033 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Code Injection in PHPUnit Critical
CVE-2017-9841 was published for phpunit/phpunit (Composer) Mar 26, 2022
donatj
Credited to donatj
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database