Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,951
Erlang
39
GitHub Actions
38
Go
2,607
Maven
5,000+
npm
4,251
NuGet
757
pip
4,017
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,952 advisories

Loading
PrivateBin is missing HTML sanitization of attached filename in file size hint Moderate
CVE-2025-62796 was published for privatebin/privatebin (Composer) Oct 28, 2025
ProcessWire CMS vulnerable to resource-exhaustion Denial of Service Moderate
CVE-2025-60790 was published for processwire/processwire (Composer) Oct 21, 2025
Magento Community Edition Improper Input Validation vulnerability Critical
CVE-2025-54236 was published for magento/community-edition (Composer) Sep 9, 2025
Moodle course access permissions are not properly checked in course_output_fragment_course_overview Moderate
CVE-2025-62393 was published for moodle/moodle (Composer) Oct 23, 2025
Moodle sends quiz-related messages to inactive/suspended users Moderate
CVE-2025-62394 was published for moodle/moodle (Composer) Oct 23, 2025
Moodle exposed the names of hidden groups to users Moderate
CVE-2025-62400 was published for moodle/moodle (Composer) Oct 23, 2025
Moodle has a time restriction bypass Moderate
CVE-2025-62401 was published for moodle/moodle (Composer) Oct 23, 2025
Moodle's error handling leads to sensitive information disclosure Moderate
CVE-2025-62396 was published for moodle/moodle (Composer) Oct 23, 2025
Moodle vulnerable to brute-force password guesses High
CVE-2025-62399 was published for moodle/moodle (Composer) Oct 23, 2025
RoadRunner is at risk of HTTP Request/Response Smuggling through vulnerable dependency Critical
CVE-2025-22871 was published for spiral/roadrunner (Composer) Apr 8, 2025
dt-thomas-durand
Credited to dt-thomas-durand
Moodle does not properly enforce MFA Moderate
CVE-2025-62398 was published for moodle/moodle (Composer) Oct 23, 2025
Magento Improper Access Control Leads to Privilege escalation Moderate
CVE-2024-39419 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization leads to Security feature bypass Moderate
CVE-2024-39417 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization leads to Security feature bypass Moderate
CVE-2024-39416 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization Leading to Security feature bypass Moderate
CVE-2024-39415 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Access Control Leads to Privilege escalation Moderate
CVE-2024-39414 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization leads to security feature bypass Moderate
CVE-2024-39411 was published for magento/community-edition (Composer) Aug 14, 2024
Magento does not properly protect credentials Low
CVE-2025-27192 was published for magento/community-edition (Composer) Apr 8, 2025
Magento Improper Access Control leads to Security feature bypass Moderate
CVE-2025-27191 was published for magento/community-edition (Composer) Apr 8, 2025
Magento Improper Access Control leads to Security feature bypass Moderate
CVE-2025-27190 was published for magento/community-edition (Composer) Apr 8, 2025
Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality High
CVE-2025-62617 was published for admidio/admidio (Composer) Oct 22, 2025
XY20130630
Credited to XY20130630
Magento Improper Access Control leads to security feature bypass Moderate
CVE-2025-27206 was published for magento/community-edition (Composer) Jun 10, 2025
Magento Improper Authorization leading to security feature bypass High
CVE-2025-43585 was published for magento/community-edition (Composer) Jun 10, 2025
Magento Authenticated Security feature bypass Low
CVE-2025-49549 was published for magento/community-edition (Composer) Jun 26, 2025
Magento Security feature bypass Moderate
CVE-2025-49550 was published for magento/community-edition (Composer) Jun 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database