Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,766
Maven
5,000+
npm
4,371
NuGet
767
pip
4,144
Pub
12
RubyGems
962
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,894 advisories

Loading
AWS SDK for PHP's S3 Encryption Client has a Key Commitment Issue Moderate
CVE-2025-14761 was published for aws/aws-sdk-php (Composer) Dec 18, 2025
Auth0-PHP SDK has Improper Audience Validation Moderate
CVE-2025-68129 was published for auth0/auth0-php (Composer) Dec 17, 2025
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay Moderate
CVE-2025-68113 was published for altcha (RubyGems) Dec 16, 2025
eternal-flame-AD
Credited to eternal-flame-AD
Auth0 WordPress has Improper Audience Validation via Auth0-PHP SDK Dependency Moderate
GHSA-vvg7-8rmq-92g7 was published for auth0/wordpress (Composer) Dec 17, 2025
Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK Moderate
GHSA-f3r2-88mq-9v4g was published for auth0/symfony (Composer) Dec 17, 2025
Auth0 Laravel SDK has Improper Audience Validation via Auth0-PHP SDK dependency Moderate
GHSA-7hh9-gp72-wh7h was published for auth0/login (Composer) Dec 17, 2025
Grav is vulnerable to Stored XSS through authenticated user-edited content Moderate
CVE-2025-66843 was published for getgrav/grav (Composer) Dec 15, 2025
robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation Moderate
CVE-2025-66578 was published for robrichards/xmlseclibs (Composer) Dec 8, 2025
d0ge
Credited to d0ge
LibreNMS Arbitrary File Read Moderate
CVE-2017-16759 was published for librenms/librenms (Composer) May 13, 2022
murrant
Credited to murrant
LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint Moderate
CVE-2025-65093 was published for librenms/librenms (Composer) Nov 18, 2025
marcelomulder
Credited to marcelomulder
Snipe-IT is vulnerable to stored cross-site scripting Moderate
CVE-2025-65621 was published for snipe/snipe-it (Composer) Dec 1, 2025
FeehiCMS Has a Remote Code Execution via Unrestricted File Upload in Ad Management Moderate
CVE-2025-65657 was published for feehi/cms (Composer) Dec 2, 2025
Grav CMS is vulnerable to Cross Site Scripting (XSS) in the page editor Moderate
CVE-2025-65186 was published for getgrav/grav (Composer) Dec 2, 2025
Snipe-IT allows stored XSS via the Locations "Country" field Moderate
CVE-2025-65622 was published for snipe/snipe-it (Composer) Dec 2, 2025
FeehiCMS fails to enforce server-side immutability Moderate
CVE-2025-63523 was published for feehi/feehicms (Composer) Dec 1, 2025
FeehiCMS is vulnerable to cross-site scripting via the id parameter of the User Update function Moderate
CVE-2025-63520 was published for feehi/feehicms (Composer) Dec 1, 2025
FeehiCMS is vulnerable to reverse tabnabbing Moderate
CVE-2025-63522 was published for feehi/feehicms (Composer) Dec 1, 2025
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` parameter `data[header][template]` in Advanced Tab Moderate
CVE-2025-66310 was published for getgrav/grav (Composer) Dec 2, 2025
marcelomulder nmmorette
Credited to marcelomulder and nmmorette
Grav is vulnerable to Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][content][items], located in the "Blog Config" tab Moderate
CVE-2025-66309 was published for getgrav/grav (Composer) Dec 2, 2025
marcelomulder nmmorette
Credited to marcelomulder and nmmorette
Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]` Moderate
CVE-2025-66308 was published for getgrav/grav (Composer) Dec 2, 2025
marcelomulder nmmorette
Credited to marcelomulder and nmmorette
Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel Moderate
CVE-2025-66306 was published for getgrav/grav (Composer) Dec 2, 2025
ElvinNuruyev
Credited to ElvinNuruyev
Grav vulnerable to Path Traversal allowing server files backup Moderate
CVE-2025-66302 was published for getgrav/grav (Composer) Dec 2, 2025
abdellah0x0
Credited to abdellah0x0
Grav Admin Plugin vulnerable to User Enumeration & Email Disclosure Moderate
CVE-2025-66307 was published for getgrav/grav (Composer) Dec 2, 2025
m3ez
Credited to m3ez
Grav Admin Plugin is vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]` Moderate
CVE-2025-66312 was published for getgrav/grav (Composer) Dec 2, 2025
marcelomulder nmmorette
Credited to marcelomulder and nmmorette
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Multiples parameters Moderate
CVE-2025-66311 was published for getgrav/grav (Composer) Dec 2, 2025
marcelomulder nmmorette
Credited to marcelomulder and nmmorette
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database