GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
500 advisories
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled
Critical
CVE-2024-56145
was published
for
craftcms/cms
(Composer)
Dec 18, 2024
Symfony Service IDs Allow Injection
Critical
CVE-2019-10910
was published
for
symfony/dependency-injection
(Composer)
Nov 18, 2019
SQL injection in ADOdb PostgreSQL driver pg_insert_id() method
Critical
CVE-2025-46337
was published
for
adodb/adodb-php
(Composer)
May 1, 2025
Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK
Critical
CVE-2025-47275
was published
for
auth0/auth0-php
(Composer)
May 16, 2025
laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Critical
GHSA-9fwj-9mjf-rhj3
was published
for
auth0/login
(Composer)
May 17, 2025
Auth0 Wordpress plugin Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Critical
GHSA-2f4r-34m4-3w8q
was published
for
auth0/wordpress
(Composer)
May 17, 2025
Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Critical
GHSA-9wg9-93h9-j8ch
was published
for
auth0/symfony
(Composer)
May 17, 2025
ThinkAdmin insecure unserialize vulnerability
Critical
CVE-2020-23653
was published
for
zoujingli/thinkadmin
(Composer)
May 24, 2022
YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download
Critical
CVE-2025-46348
was published
for
yeswiki/yeswiki
(Composer)
Apr 29, 2025
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
Critical
CVE-2022-47408
was published
for
fixpunkt/fp-newsletter
(Composer)
Dec 14, 2022
ProTip!
Advisories are also available from the
GraphQL API