Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,785
Erlang
36
GitHub Actions
29
Go
2,368
Maven
5,000+
npm
3,989
NuGet
720
pip
3,781
Pub
12
RubyGems
926
Rust
982
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,786 advisories

Loading
Cross-site Scripting in Bagisto Moderate
CVE-2023-36236 was published for bagisto/bagisto (Composer) Jan 17, 2024
juzaweb CMS allows cross-site scripting by uploading an SVG file Moderate
CVE-2025-5420 was published for juzaweb/cms (Composer) Jun 2, 2025
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution Critical
CVE-2025-49132 was published for pterodactyl/panel (Composer) Jun 19, 2025
azimoff337
GeSHi XSS possible in the get_var function of /contrib/cssgen.php Moderate
CVE-2025-2123 was published for geshi/geshi (Composer) Mar 9, 2025
protobuf susceptible to buffer overflow High
CVE-2015-5237 was published for Google.Protobuf (Composer) May 13, 2022
NULL Pointer Dereference in Protocol Buffers High
CVE-2021-22570 was published for Google.Protobuf (Composer) Jan 27, 2022
joshbressers
Magneto contains stored XSS vulnerability Critical
CVE-2025-47110 was published for magento/community-edition (Composer) Jun 10, 2025
Moodle Session Fixation allows unauthenticated users to hijack sessions via sesskey parameter Moderate
CVE-2025-53021 was published for moodle/moodle (Composer) Jun 24, 2025
TabberNeue vulnerable to Stored XSS through wikitext High
CVE-2025-53093 was published for starcitizentools/tabber-neue (Composer) Jun 27, 2025
SomeMWDev
raspap-webgui has a Directory Traversal vulnerability High
CVE-2025-44163 was published for billz/raspap-webgui (Composer) Jun 27, 2025
Withdrawn Advisory: Daylight Studio FUEL-CMS SQLi Vulnerability High
CVE-2020-24950 was published for codeigniter/framework (Composer) Aug 11, 2023 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database