Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,719
Maven
5,000+
npm
4,329
NuGet
762
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

5,067 advisories

Loading
alexusmai laravel-file-manager is vulnerable to Directory Traversal via the unzip/extraction functionality High
CVE-2025-65346 was published for alexusmai/laravel-file-manager (Composer) Dec 4, 2025
LibreNMS Arbitrary File Read Moderate
CVE-2017-16759 was published for librenms/librenms (Composer) May 13, 2022
murrant
Credited to murrant
LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint Moderate
CVE-2025-65093 was published for librenms/librenms (Composer) Nov 18, 2025
marcelomulder
Credited to marcelomulder
alexusmai laravel-file-manager is vulnerable to Directory Traversal Low
CVE-2025-65345 was published for alexusmai/laravel-file-manager (Composer) Dec 3, 2025
Snipe-IT is vulnerable to stored cross-site scripting Moderate
CVE-2025-65621 was published for snipe/snipe-it (Composer) Dec 1, 2025
Contao is vulnerable to cross-site scripting in templates Low
CVE-2025-65961 was published for contao/core-bundle (Composer) Nov 25, 2025
ausi m-vo
Credited to ausi and m-vo
FeehiCMS Has a Remote Code Execution via Unrestricted File Upload in Ad Management Moderate
CVE-2025-65657 was published for feehi/cms (Composer) Dec 2, 2025
Grav CMS is vulnerable to Cross Site Scripting (XSS) in the page editor Moderate
CVE-2025-65186 was published for getgrav/grav (Composer) Dec 2, 2025
Aimeos GrapesJS CMS extension has possible stored XSS that's exploitable by authenticated editors High
CVE-2025-66468 was published for aimeos/ai-cms-grapesjs (Composer) Dec 3, 2025
Snipe-IT allows stored XSS via the Locations "Country" field Moderate
CVE-2025-65622 was published for snipe/snipe-it (Composer) Dec 2, 2025
GrapesJsBuilder File Upload allows all file uploads High
CVE-2025-13827 was published for mautic/grapes-js-builder-bundle (Composer) Dec 2, 2025
driskell escopecz
patrykgruszka
Credited to driskell, escopecz, and patrykgruszka
Mautic user without privileged access to the Marketplace can install and uninstall composer packages Critical
CVE-2025-13828 was published for mautic/core (Composer) Dec 2, 2025
driskell escopecz
patrykgruszka
Credited to driskell, escopecz, and patrykgruszka
FeehiCMS fails to enforce server-side immutability Moderate
CVE-2025-63523 was published for feehi/feehicms (Composer) Dec 1, 2025
FeehiCMS is vulnerable to cross-site scripting via the id parameter of the User Update function Moderate
CVE-2025-63520 was published for feehi/feehicms (Composer) Dec 1, 2025
FeehiCMS is vulnerable to reverse tabnabbing Moderate
CVE-2025-63522 was published for feehi/feehicms (Composer) Dec 1, 2025
Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms High
CVE-2025-66298 was published for getgrav/grav (Composer) Dec 2, 2025
yiannakasgeorge
Credited to yiannakasgeorge
Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass High
CVE-2025-66294 was published for getgrav/grav (Composer) Dec 2, 2025
nakkouchtarek
Credited to nakkouchtarek
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` parameter `data[header][template]` in Advanced Tab Moderate
CVE-2025-66310 was published for getgrav/grav (Composer) Dec 2, 2025
marcelomulder nmmorette
Credited to marcelomulder and nmmorette
Grav is vulnerable to Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][content][items], located in the "Blog Config" tab Moderate
CVE-2025-66309 was published for getgrav/grav (Composer) Dec 2, 2025
marcelomulder nmmorette
Credited to marcelomulder and nmmorette
Grav vulnerable to Privilege Escalation and Authenticated Remote Code Execution via Twig Injection High
CVE-2025-66297 was published for getgrav/grav (Composer) Dec 2, 2025
p1r0x
Credited to p1r0x
Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]` Moderate
CVE-2025-66308 was published for getgrav/grav (Composer) Dec 2, 2025
marcelomulder nmmorette
Credited to marcelomulder and nmmorette
Grav vulnerable to Path traversal / arbitrary YAML write via user creation leading to Account Takeover / System Corruption High
CVE-2025-66295 was published for getgrav/grav (Composer) Dec 2, 2025
NicatAliyevh
Credited to NicatAliyevh
Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter High
CVE-2025-66305 was published for getgrav/grav (Composer) Dec 2, 2025
marcelomulder nmmorette
Credited to marcelomulder and nmmorette
Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel Moderate
CVE-2025-66306 was published for getgrav/grav (Composer) Dec 2, 2025
ElvinNuruyev
Credited to ElvinNuruyev
Grav vulnerable to Path Traversal allowing server files backup Moderate
CVE-2025-66302 was published for getgrav/grav (Composer) Dec 2, 2025
abdellah0x0
Credited to abdellah0x0
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database