Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,743 advisories

Loading
PHPOffice Math allows XXE when processing an XML file in the MathML format High
CVE-2025-48882 was published for phpoffice/math (Composer) May 29, 2025
Chrome PHP is missing encoding in `CssSelector` Moderate
CVE-2025-48883 was published for chrome-php/chrome (Composer) May 28, 2025
divinity76 GrahamCampbell
enricodias
Moodle stored Cross-site Scripting (XSS) Moderate
CVE-2024-33997 was published for moodle/moodle (Composer) May 31, 2024
AnonySE26
Moodle SSRF Vulnerability High
CVE-2019-6970 was published for moodle/moodle (Composer) May 14, 2022
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled Critical
CVE-2024-56145 was published for craftcms/cms (Composer) Dec 18, 2024
akues-an
Laravel Rest Api has a Search Validation Bypass Moderate
CVE-2025-48490 was published for lomkit/laravel-rest-api (Composer) May 27, 2025
MantisBT allows XSS on the Edit Filter page via crafted filter name Moderate
CVE-2018-14504 was published for mantisbt/mantisbt (Composer) May 14, 2022
MantisBT allows XSS via View Filters page Moderate
CVE-2018-13055 was published for mantisbt/mantisbt (Composer) May 14, 2022
MantisBT allows XSS via the Manage Filter page Moderate
CVE-2018-17782 was published for mantisbt/mantisbt (Composer) May 14, 2022
MantisBT allows XSS via Edit Filter page Moderate
CVE-2018-17783 was published for mantisbt/mantisbt (Composer) May 14, 2022
MantisBT XSS allows unsanitized input via admin/install.php Moderate
CVE-2017-12061 was published for mantisbt/mantisbt (Composer) May 13, 2022
MantisBT CSV Injection unprivileged user access in csv_export.php High
CVE-2021-43257 was published for mantisbt/mantisbt (Composer) Apr 15, 2022
MantisBT XSS in manage_custom_field_update.php Moderate
CVE-2020-35571 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT Incorrect Authorization in bug_actiongroup_page.php Moderate
CVE-2020-29605 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT Insecure Storage in manage_proj_edit_page.php Moderate
CVE-2020-29603 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT Missing Authorization access check in bug_actiongroup.php Moderate
CVE-2020-29604 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT Incorrect Authorization for bug_revision_view_page.php check High
CVE-2020-35849 was published for mantisbt/mantisbt (Composer) May 24, 2022
October CMS vulnerable to Potential Host Header Poisoning on misconfigured servers Low
CVE-2021-21265 was published for october/backend (Composer) Mar 10, 2021
decsecre583
Unsafe deserialization in SmtpTransport in CakePHP High
CVE-2019-11458 was published for cakephp/cakephp (Composer) Dec 2, 2019
ravage84 decsecre583
Symfony Service IDs Allow Injection Critical
CVE-2019-10910 was published for symfony/dependency-injection (Composer) Nov 18, 2019
decsecre583
Twig has unguarded calls to `__toString()` when nesting an object into an array Low
CVE-2024-51754 was published for twig/twig (Composer) Nov 6, 2024
maantje fabpot
MantisBT allows XSS in manage_custom_field_edit_page.php Moderate
CVE-2021-33557 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT SQL Injection via mc_project_get_users function Moderate
CVE-2020-28413 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT XXS where a Custom Field with a crafted Regular Expression property is used Moderate
CVE-2020-25288 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT XSS issue on the view_all_bug_page.php Moderate
CVE-2020-16266 was published for mantisbt/mantisbt (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database