Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,634
Maven
5,000+
npm
4,258
NuGet
760
pip
4,051
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,992 advisories

Loading
Magento allows attackers to alter the price of items High
CVE-2021-36030 was published for magento/community-edition (Composer) May 24, 2022
Magento Path Traversal vulnerability via the `theme[preview_image]` parameter High
CVE-2021-36031 was published for magento/community-edition (Composer) May 24, 2022
Magento XML Injection vulnerability in the Widgets Module Critical
CVE-2021-36033 was published for magento/community-edition (Composer) May 24, 2022
Magento improper authorization vulnerability High
CVE-2021-36029 was published for magento/community-edition (Composer) May 24, 2022
Magento XML Injection vulnerability in the Widgets Update Layout High
CVE-2021-36022 was published for magento/community-edition (Composer) May 24, 2022
Magento XML Injection vulnerability in the 'City' field High
CVE-2021-36020 was published for magento/community-edition (Composer) May 24, 2022
OpenMage vulnerable to XSS in Admin Notifications Moderate
CVE-2025-64174 was published for openmage/magento-lts (Composer) Nov 3, 2025
Judx
Credited to Judx
Magento stored cross-site scripting vulnerability in the customer address upload feature Moderate
CVE-2021-36026 was published for magento/community-edition (Composer) May 24, 2022
Magento stored cross-site scripting vulnerability Moderate
CVE-2021-36027 was published for magento/community-edition (Composer) May 24, 2022
Magento affected by a business logic error in the placeOrder graphql mutation Moderate
CVE-2021-36012 was published for magento/community-edition (Composer) May 24, 2022
Magento XML Injection vulnerability in the Widgets Update Layout Critical
CVE-2021-36023 was published for magento/community-edition (Composer) Sep 6, 2023
Magento improper access control vulnerability within Magento's Media Gallery Upload workflow Critical
CVE-2021-36036 was published for magento/community-edition (Composer) Sep 6, 2023
Magento affected by remote code execution vulnerability in the CMS page scheduled update feature Critical
CVE-2021-36021 was published for magento/community-edition (Composer) Sep 6, 2023
Magento DOM-based Cross-Site Scripting (XSS) vulnerability High
CVE-2024-39400 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Path Traversal vulnerability High
CVE-2024-39399 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Stored Cross-Site Scripting (XSS) vulnerability High
CVE-2024-39403 was published for magento/community-edition (Composer) Aug 14, 2024
Magento does not properly restrict excessive authentication attempts High
CVE-2024-39398 was published for magento/community-edition (Composer) Aug 14, 2024
Magento OS Command ('OS Command Injection') vulnerability High
CVE-2024-39402 was published for magento/community-edition (Composer) Aug 14, 2024
Magento OS Command ('OS Command Injection') vulnerability High
CVE-2024-39401 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization vulnerability Moderate
CVE-2024-39405 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization vulnerability Moderate
CVE-2024-39404 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization vulnerability Moderate
CVE-2024-39418 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization vulnerability Moderate
CVE-2024-39413 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization vulnerability Moderate
CVE-2024-39407 was published for magento/community-edition (Composer) Aug 14, 2024
MantisBT unauthorized disclosure of private project column configuration Moderate
CVE-2025-62520 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
jrckmcsb atrol
dregad
Credited to jrckmcsb, atrol, and dregad
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database