Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,954
Maven
5,000+
npm
4,606
NuGet
787
pip
4,305
Pub
12
RubyGems
984
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

2,954 advisories

Loading
amphp/http-server affected by HTTP/2 DDoS vulnerability Moderate
GHSA-8grv-jq2g-cfhw was published for amphp/http-server (Composer) Feb 10, 2026
FroshAdminer Adminer UI is accessible without admin session Moderate
CVE-2026-25878 was published for frosh/adminer-platform (Composer) Feb 10, 2026
xndrdev Gugiman
Credited to xndrdev and Gugiman
Craft CMS Vulnerable to Stored XSS in Number Prefix & Suffix Fields Moderate
CVE-2026-25496 was published for craftcms/cms (Composer) Feb 9, 2026
mHe4am
Credited to mHe4am
Craft CMS Vulnerable to SSRF in GraphQL Asset Mutation via Alternative IP Notation Moderate
CVE-2026-25494 was published for craftcms/cms (Composer) Feb 9, 2026
mHe4am
Credited to mHe4am
Craft CMS Vulnerable to SSRF in GraphQL Asset Mutation via HTTP Redirect Moderate
CVE-2026-25493 was published for craftcms/cms (Composer) Feb 9, 2026
mHe4am
Credited to mHe4am
Craft CMS: save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host Moderate
CVE-2026-25492 was published for craftcms/craft (Composer) Feb 9, 2026
LeftenantZero
Credited to LeftenantZero
PrestaShop affected by time based enumeration in FO login form Moderate
CVE-2026-25597 was published for prestashop/prestashop (Composer) Feb 3, 2026
Moodle vulnerable to Cross-site Scripting Moderate
CVE-2025-67855 was published for moodle/moodle (Composer) Feb 3, 2026
Moodle Inserts Sensitive Information Into Sent Data Moderate
CVE-2025-67857 was published for moodle/moodle (Composer) Feb 3, 2026
Moodle has an authorization logic flaw Moderate
CVE-2025-67856 was published for moodle/moodle (Composer) Feb 3, 2026
Moodle formula injection vulnerability Moderate
CVE-2025-67851 was published for moodle/moodle (Composer) Feb 3, 2026
Subrion CMS vulnerable to cross-site scripting Moderate
CVE-2025-70958 was published for intelliants/subrion (Composer) Feb 3, 2026
Magento's X-Original-Url header can expose admin url Moderate
CVE-2026-25523 was published for openmage/magento-lts (Composer) Feb 2, 2026
Craft Commerce has Stored XSS in Shipping Zone (Name & Description) Fields Leading to Potential Privilege Escalation Moderate
CVE-2026-25522 was published for craftcms/commerce (Composer) Feb 2, 2026
mHe4am
Credited to mHe4am
Craft Commerce has Stored XSS in Inventory Location Address Leading to Potential Privilege Escalation Moderate
CVE-2026-25490 was published for craftcms/commerce (Composer) Feb 2, 2026
mHe4am
Credited to mHe4am
Craft Commerce has Stored XSS in Tax Zones (Name & Description) Leading to Potential Privilege Escalation Moderate
CVE-2026-25489 was published for craftcms/commerce (Composer) Feb 2, 2026
mHe4am
Credited to mHe4am
Craft Commerce has Stored XSS in Tax Categories (Name & Description) Fields Leading to Potential Privilege Escalation Moderate
CVE-2026-25488 was published for craftcms/commerce (Composer) Feb 2, 2026
mHe4am
Credited to mHe4am
Craft CMS has Stored XSS in Tax Rates Name Leading to Potential Privilege Escalation Moderate
CVE-2026-25487 was published for craftcms/commerce (Composer) Feb 2, 2026
mHe4am
Credited to mHe4am
Craft Commerce has Stored XSS in Shipping Methods Name Field Leading to Potential Privilege Escalation Moderate
CVE-2026-25486 was published for craftcms/commerce (Composer) Feb 2, 2026
mHe4am
Credited to mHe4am
Craft Commerce has Stored XSS in Shipping Categories (Name & Description) Fields Leading to Potential Privilege Escalation Moderate
CVE-2026-25485 was published for craftcms/composer (Composer) Feb 2, 2026
mHe4am
Credited to mHe4am
Craft Commerce has Stored XSS in Product Type Name Moderate
CVE-2026-25484 was published for craftcms/commerce (Composer) Feb 2, 2026
mHe4am
Credited to mHe4am
Craft Commerce has Stored XSS via Order Status Message with potential database exfiltration Moderate
CVE-2026-25483 was published for craftcms/commerce (Composer) Feb 2, 2026
mHe4am
Credited to mHe4am
Craft Commerce has Stored DOM XSS in Order Status Name (Reflects in "Recent Orders" Dashboard Widget) Moderate
CVE-2026-25482 was published for craftcms/commerce (Composer) Feb 2, 2026
mHe4am
Credited to mHe4am
CI4MS Vulnerable to User Email Enumeration via Password Reset Flow Moderate
CVE-2026-25509 was published for ci4-cms-erp/ci4ms (Composer) Feb 2, 2026
Far-Horizons
Credited to Far-Horizons
FacturaScripts is Vulnerable to Reflected XSS Moderate
CVE-2026-23476 was published for facturascripts/facturascripts (Composer) Feb 2, 2026
h4cd0c
Credited to h4cd0c
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database