Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

5,067 advisories

Loading
Drupal Access code allows Brute Force Attempts Moderate
CVE-2025-10928 was published for drupal/access_code (Composer) Oct 30, 2025
Drupal Plausible tracking is vulnerable to XSS Moderate
CVE-2025-10927 was published for drupal/plausible_tracking (Composer) Oct 30, 2025
Drupal CivicTheme Design System allows Forceful Browsing High
CVE-2025-12082 was published for drupal/civictheme (Composer) Oct 30, 2025
Sharp user-provided input can be evaluated in a SharpShowTextField with Vue template syntax Moderate
CVE-2025-62798 was published for code16/sharp (Composer) Oct 29, 2025
robyfirnandoyusuf aguingand
Credited to robyfirnandoyusuf and aguingand
PrivateBin is missing HTML sanitization of attached filename in file size hint Moderate
CVE-2025-62796 was published for privatebin/privatebin (Composer) Oct 28, 2025
elrido rugk
Credited to elrido and rugk
Moodle does not properly enforce MFA Moderate
CVE-2025-62398 was published for moodle/moodle (Composer) Oct 23, 2025
Moodle's error handling leads to sensitive information disclosure Moderate
CVE-2025-62396 was published for moodle/moodle (Composer) Oct 23, 2025
Moodle has a time restriction bypass Moderate
CVE-2025-62401 was published for moodle/moodle (Composer) Oct 23, 2025
Moodle exposed the names of hidden groups to users Moderate
CVE-2025-62400 was published for moodle/moodle (Composer) Oct 23, 2025
Moodle vulnerable to brute-force password guesses High
CVE-2025-62399 was published for moodle/moodle (Composer) Oct 23, 2025
Moodle sends quiz-related messages to inactive/suspended users Moderate
CVE-2025-62394 was published for moodle/moodle (Composer) Oct 23, 2025
Moodle course access permissions are not properly checked in course_output_fragment_course_overview Moderate
CVE-2025-62393 was published for moodle/moodle (Composer) Oct 23, 2025
Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality High
CVE-2025-62617 was published for admidio/admidio (Composer) Oct 22, 2025
XY20130630
Credited to XY20130630
code16 Sharp vulnerable to Cross Site Scripting (XSS) Moderate
CVE-2025-61457 was published for code16/sharp (Composer) Oct 21, 2025
ProcessWire CMS vulnerable to resource-exhaustion Denial of Service Moderate
CVE-2025-60790 was published for processwire/processwire (Composer) Oct 21, 2025
Shopware Customer Orders can be canceled, even if refunds are disabled Moderate
GHSA-r2vg-hvjm-fg38 was published for shopware/core (Composer) Oct 21, 2025
aragon999
Credited to aragon999
Shopware exposes sensitive user information via CSV export mapping Moderate
GHSA-27c9-vp3w-6ww8 was published for shopware/core (Composer) Oct 21, 2025
larskemper
Credited to larskemper
Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice Low
GHSA-3cpp-fv95-mpr5 was published for shopware/core (Composer) Oct 21, 2025
larskemper
Credited to larskemper
Shopware vulnerable to path traversal via Plugin upload Low
GHSA-6wh5-mw9h-5c3w was published for shopware/core (Composer) Oct 21, 2025
Shopware vulnerable to MediaVisibilityRestrictionSubscriber bypass when reading media entities by aggregating fields individually Moderate
GHSA-m895-2hj3-8cg9 was published for shopware/core (Composer) Oct 21, 2025
JoshuaBehrens
Credited to JoshuaBehrens
Citizen vulnerable to stored XSS in sticky header button messages Moderate
CVE-2025-62508 was published for starcitizentools/citizen-skin (Composer) Oct 20, 2025
SomeMWDev
Credited to SomeMWDev
TastyIgniter vulnerable to Cross-Site Scripting Low
CVE-2025-61417 was published for tastyigniter/tastyigniter (Composer) Oct 20, 2025
Cargo Mediawiki Extension vulnerable to Cross-site Scripting Moderate
CVE-2025-62671 was published for mediawiki/cargo (Composer) Oct 18, 2025
ibexa/fieldtype-richtext has an XSS vulnerability via acronym custom tag in Rich Text Moderate
GHSA-8c2g-f8jm-5cr7 was published for ibexa/fieldtype-richtext (Composer) Oct 17, 2025
ibexa/admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal Moderate
GHSA-2mx6-fq24-g2mh was published for ibexa/admin-ui (Composer) Oct 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database