GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,948 advisories

PrestaShop affected by time based enumeration in FO login form Moderate
CVE-2026-25597 was published for prestashop/prestashop (Composer) Feb 3, 2026
MineAdmin May Expose Sensitive Information to an Unauthorized Actor Moderate
CVE-2026-1194 was published for mineadmin/mineadmin (Composer) Jan 20, 2026
Magento's X-Original-Url header can expose admin url Moderate
CVE-2026-25523 was published for openmage/magento-lts (Composer) Feb 2, 2026
CI4MS Vulnerable to User Email Enumeration via Password Reset Flow Moderate
CVE-2026-25509 was published for ci4-cms-erp/ci4ms (Composer) Feb 2, 2026
Credited to Far-Horizons
Craft Commerce has Stored XSS in Shipping Zone (Name & Description) Fields Leading to Potential Privilege Escalation Moderate
CVE-2026-25522 was published for craftcms/commerce (Composer) Feb 2, 2026
Credited to mHe4am
Craft Commerce has Stored XSS in Inventory Location Address Leading to Potential Privilege Escalation Moderate
CVE-2026-25490 was published for craftcms/commerce (Composer) Feb 2, 2026
Credited to mHe4am
Craft Commerce has Stored XSS in Tax Zones (Name & Description) Leading to Potential Privilege Escalation Moderate
CVE-2026-25489 was published for craftcms/commerce (Composer) Feb 2, 2026
Credited to mHe4am
Craft Commerce has Stored XSS in Tax Categories (Name & Description) Fields Leading to Potential Privilege Escalation Moderate
CVE-2026-25488 was published for craftcms/commerce (Composer) Feb 2, 2026
Credited to mHe4am
Craft CMS has Stored XSS in Tax Rates Name Leading to Potential Privilege Escalation Moderate
CVE-2026-25487 was published for craftcms/commerce (Composer) Feb 2, 2026
Credited to mHe4am
Craft Commerce has Stored XSS in Shipping Methods Name Field Leading to Potential Privilege Escalation Moderate
CVE-2026-25486 was published for craftcms/commerce (Composer) Feb 2, 2026
Credited to mHe4am
Craft Commerce has Stored XSS in Shipping Categories (Name & Description) Fields Leading to Potential Privilege Escalation Moderate
CVE-2026-25485 was published for craftcms/composer (Composer) Feb 2, 2026
Credited to mHe4am
Craft Commerce has Stored XSS in Product Type Name Moderate
CVE-2026-25484 was published for craftcms/commerce (Composer) Feb 2, 2026
Credited to mHe4am
Craft Commerce has Stored XSS via Order Status Message with potential database exfiltration Moderate
CVE-2026-25483 was published for craftcms/commerce (Composer) Feb 2, 2026
Credited to mHe4am
Craft Commerce has Stored DOM XSS in Order Status Name (Reflects in "Recent Orders" Dashboard Widget) Moderate
CVE-2026-25482 was published for craftcms/commerce (Composer) Feb 2, 2026
Credited to mHe4am
Moodle vulnerable to Cross-site Scripting Moderate
CVE-2025-67855 was published for moodle/moodle (Composer) Feb 3, 2026
Moodle Inserts Sensitive Information Into Sent Data Moderate
CVE-2025-67857 was published for moodle/moodle (Composer) Feb 3, 2026
Moodle has an authorization logic flaw Moderate
CVE-2025-67856 was published for moodle/moodle (Composer) Feb 3, 2026
Moodle formula injection vulnerability Moderate
CVE-2025-67851 was published for moodle/moodle (Composer) Feb 3, 2026
Subrion CMS vulnerable to cross-site scripting Moderate
CVE-2025-70958 was published for intelliants/subrion (Composer) Feb 3, 2026
TYPO3 Cross-site Scripting vulnerability Moderate
CVE-2015-8759 was published for typo3/cms (Composer) May 17, 2022
Duplicate Advisory: TYPO3 Cross-Site Scripting vulnerability in typolinks Moderate
GHSA-75mx-chcf-2q32 was published for typo3/cms (Composer) May 30, 2024 withdrawn
/user/sessions endpoint allows detecting valid accounts Moderate
CVE-2021-46876 was published for ezsystems/ezpublish-kernel (Composer) Mar 11, 2021
Duplicate Advisory: User account enumeration in eZ Publish Ibexa Kernel Moderate
GHSA-89p3-9j8c-fqh4 was published for ezsystems/ezpublish-kernel (Composer) Mar 12, 2023 withdrawn
FacturaScripts is Vulnerable to Reflected XSS Moderate
CVE-2026-23476 was published for facturascripts/facturascripts (Composer) Feb 2, 2026
Credited to h4cd0c
Pterodactyl improperly locks resources allowing raced queries to create more resources than allotted Moderate
CVE-2025-69198 was published for pterodactyl/panel (Composer) Jan 20, 2026
Credited to vsevolodmelnyk
ProTip! Advisories are also available from the GraphQL API