GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
2,706 advisories
Sylius PayPal Plugin Payment Amount Manipulation Vulnerability
Moderate
CVE-2025-29788
was published
for
sylius/paypal-plugin
(Composer)
Mar 17, 2025
Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite
Moderate
CVE-2025-27794
was published
for
flarum/core
(Composer)
Mar 12, 2025
Pimcore Vulnerable to SQL Injection in getRelationFilterCondition
Moderate
CVE-2025-27617
was published
for
pimcore/pimcore
(Composer)
Mar 11, 2025
Froxlor has an HTML Injection Vulnerability
Moderate
CVE-2025-48958
was published
for
froxlor/froxlor
(Composer)
Mar 11, 2025
Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover
Moderate
CVE-2025-29773
was published
for
froxlor/froxlor
(Composer)
Mar 11, 2025
Laravel framework susceptible to reflected cross-site scripting
Moderate
CVE-2024-13918
was published
for
laravel/framework
(Composer)
Mar 10, 2025
Laravel has a File Validation Bypass
Moderate
CVE-2025-27515
was published
for
laravel/framework
(Composer)
Mar 5, 2025
REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation
Moderate
CVE-2025-27412
was published
for
redaxo/source
(Composer)
Mar 5, 2025
REDAXO allows Arbitrary File Upload in the mediapool page
Moderate
CVE-2025-27411
was published
for
redaxo/source
(Composer)
Mar 5, 2025
Formwork has a cross-site scripting (XSS) vulnerability in Site title
Moderate
GHSA-vf6x-59hh-332f
was published
for
getformwork/formwork
(Composer)
Mar 1, 2025
Mautic allows Relative Path Traversal in assets file upload
Moderate
CVE-2022-25773
was published
for
mautic/core
(Composer)
Feb 26, 2025
Leantime affected by Improper Neutralization of HTML Tags
Moderate
CVE-2025-28254
was published
for
leantime/leantime
(Composer)
Feb 21, 2025
Leantime allows Cross-Site Request Forgery (CSRF)
Moderate
GHSA-92xh-6x7v-4rmq
was published
for
leantime/leantime
(Composer)
Feb 21, 2025
Leantime allows Stored Cross-Site Scripting (XSS)
Moderate
GHSA-63cr-xg3f-8jvr
was published
for
leantime/leantime
(Composer)
Feb 21, 2025
Leantime allows Refelected Cross-Site Scripting (XSS)
Moderate
GHSA-52xf-h226-pfgx
was published
for
leantime/leantime
(Composer)
Feb 21, 2025
Leantime has Insufficiently Protected Credentials
Moderate
GHSA-h6w8-27ph-c385
was published
for
leantime/leantime
(Composer)
Feb 21, 2025
ProTip!
Advisories are also available from the
GraphQL API