GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
5,234 advisories
Pimcore Web2Print Tools Bundle "Favourite Output Channel Configuration" Missing Function Level Authorization
Severity: Moderate. CVE-2026-23496 was published for pimcore/web2print-tools-bundle (Composer) on Jan 15, 2026.
Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing
Severity: Moderate. CVE-2026-23495 was published for pimcore/admin-ui-classic-bundle (Composer) on Jan 15, 2026.
Pimcore is Vulnerable to Broken Access Control: Missing Function Level Authorization on "Static Routes" Listing
Severity: Moderate. CVE-2026-23494 was published for pimcore/pimcore (Composer) on Jan 15, 2026.
Pimcore ENV Variables and Cookie Informations are exposed in http_error_log
Severity: High. CVE-2026-23493 was published for pimcore/pimcore (Composer) on Jan 15, 2026.
Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling
Severity: Moderate. GHSA-595p-g7xc-c333 was published for algolia/algoliasearch-magento-2 (Composer) on Jan 14, 2026.
Pimcore Has an Incomplete Patch for CVE-2023-30848
Severity: High. CVE-2026-23492 was published for pimcore/pimcore (Composer) on Jan 14, 2026.
pH7-Social-Dating-CMS affected by a stored cross-site scripting (XSS) vulnerability
Severity: Moderate. CVE-2025-63644 was published for ph7software/ph7builder (Composer) on Jan 14, 2026.
Shopware Has Improper Control of Generation of Code in Twig rendered views
Severity: High. CVE-2026-23498 was published for shopware/core (Composer) on Jan 14, 2026.
Concrete5 CMS contains an XPath injection vulnerability
Severity: Moderate. CVE-2022-50807 was published for concrete5/concrete5 (Composer) on Jan 14, 2026.
TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool
Severity: Moderate. CVE-2026-0859 was published for typo3/cms-core (Composer) on Jan 13, 2026.
TYPO3 CMS Allows Broken Access Control in Recycler Module
Severity: High. CVE-2025-59022 was published for typo3/cms-recycler (Composer) on Jan 13, 2026.
TYPO3 CMS Allows Broken Access Control in Redirects Module
Severity: Moderate. CVE-2025-59021 was published for typo3/cms-redirects (Composer) on Jan 13, 2026.
TYPO3 CMS Allows Broken Access Control in Edit Document Controller
Severity: Moderate. CVE-2025-59020 was published for typo3/cms-backend (Composer) on Jan 13, 2026.
October CMS Vulnerable to Stored XSS via Branding Styles
Severity: Moderate. CVE-2025-61676 was published for october/system (Composer) on Jan 9, 2026.
October CMS Vulnerable to Stored XSS via Editor and Branding Styles
Severity: Moderate. CVE-2025-61674 was published for october/system (Composer) on Jan 9, 2026.
Kirby is missing permission checks in the content changes API
Severity: Moderate. CVE-2026-21896 was published for getkirby/cms (Composer) on Jan 8, 2026.
CoreShop Vulnerable to SQL Injection via Admin Reports
Severity: Moderate. CVE-2026-22242 was published for coreshop/core-shop (Composer) on Jan 7, 2026.
Pterodactyl TOTPs can be reused during validity window
Severity: Moderate. CVE-2025-69197 was published for pterodactyl/panel (Composer) on Jan 6, 2026.
Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced
Severity: High. CVE-2025-68954 was published for github.com/pterodactyl/wings (Composer) on Jan 6, 2026.
Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read
Severity: High. CVE-2026-21857 was published for redaxo/source (Composer) on Jan 5, 2026.
Craft CMS vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior
Severity: High. CVE-2025-68455 was published for craftcms/cms (Composer) on Jan 5, 2026.
Unauthenticated Craft CMS users can trigger a database backup
Severity: High. CVE-2025-68456 was published for craftcms/cms (Composer) on Jan 5, 2026.
Craft CMS vulnerable to potential authenticated Remote Code Execution via Twig SSTI
Severity: Moderate. CVE-2025-68454 was published for craftcms/cms (Composer) on Jan 5, 2026.
Craft CMS vulnerable to Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation
Severity: Moderate. CVE-2025-68437 was published for craftcms/cms (Composer) on Jan 5, 2026.
Craft CMS vulnerable to potential information disclosure via unchecked asset relocation
Severity: Moderate. CVE-2025-68436 was published for craftcms/cms (Composer) on Jan 5, 2026.
ProTip! Advisories are also available from the GraphQL API.