GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,747 advisories
MantisBT vulnerable to information disclosure with user profiles
Moderate
CVE-2024-45792
was published
for
mantisbt/mantisbt
(Composer)
Sep 30, 2024
Sulu vulnerable to XXE in SVG File upload Inspector
Moderate
CVE-2025-47778
was published
for
sulu/sulu
(Composer)
May 15, 2025
Cross-site scripting in ThinkAdmin
Moderate
CVE-2020-29315
was published
for
zoujingli/thinkadmin
(Composer)
May 6, 2021
ThinkAdmin insecure unserialize vulnerability
Critical
CVE-2020-23653
was published
for
zoujingli/thinkadmin
(Composer)
May 24, 2022
Moodle Unsanitized HTML in site log for config_log_created
Moderate
CVE-2024-34006
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle CSRF risk in admin preset tool management of presets
High
CVE-2024-34001
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Cross-site Scripting (XSS)
Moderate
CVE-2024-33998
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle CSRF risk in analytics management of models
High
CVE-2024-34008
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Cross-site Scripting (XSS)
Moderate
CVE-2024-34000
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
High
CVE-2024-34005
was published
for
moodle/moodle
(Composer)
May 31, 2024
ThinkAdmin directory traversal vulnerability
High
CVE-2020-25540
was published
for
zoujingli/thinkadmin
(Composer)
May 24, 2022
Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency
Moderate
CVE-2024-28859
was published
for
friendsofsymfony1/swiftmailer
(Composer)
Mar 18, 2024
Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Critical
GHSA-9wg9-93h9-j8ch
was published
for
auth0/symfony
(Composer)
May 17, 2025
Auth0 Wordpress plugin Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Critical
GHSA-2f4r-34m4-3w8q
was published
for
auth0/wordpress
(Composer)
May 17, 2025
laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Critical
GHSA-9fwj-9mjf-rhj3
was published
for
auth0/login
(Composer)
May 17, 2025
LibreNMS stored Cross-site Scripting vulnerability in poller group name
Low
CVE-2025-47931
was published
for
librenms/librenms
(Composer)
May 19, 2025
Symfony UX allows unsanitized HTML attribute injection via ComponentAttributes
Moderate
CVE-2025-47946
was published
for
symfony/ux-live-component
(Composer)
May 19, 2025
tarteaucitron-wp WordPress Plugin Vulnerable to Stored Cross-Site Scripting
Moderate
CVE-2024-11718
was published
for
couleurcitron/tarteaucitron-wp
(Composer)
May 15, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file
High
CVE-2024-56408
was published
for
phpoffice/phpexcel
(Composer)
Jan 3, 2025
TYPO3 CMS Webhooks Server Side Request Forgery
Low
CVE-2025-47936
was published
for
typo3/cms-webhooks
(Composer)
May 20, 2025
TYPO3 Allows Information Disclosure via DBAL Restriction Handling
Low
CVE-2025-47937
was published
for
typo3/cms-core
(Composer)
May 20, 2025
TYPO3 Unverified Password Change for Backend Users
Low
CVE-2025-47938
was published
for
typo3/cms-core
(Composer)
May 20, 2025
TYPO3 Allows Privilege Escalation to System Maintainer
High
CVE-2025-47940
was published
for
typo3/cms-core
(Composer)
May 20, 2025
The TYPO3 CMS Backend has Broken Authentication in Backend MFA
High
CVE-2025-47941
was published
for
typo3/cms-backend
(Composer)
May 20, 2025
ProTip!
Advisories are also available from the
GraphQL API