Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

13 advisories

Loading
Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion High
CVE-2024-54149 was published for winter/wn-cms-module (Composer) Dec 9, 2024
bennothommo Credited to bennothommo
PrestaShop Checkout Target PayPal merchant account hijacking from backoffice Low
CVE-2025-61924 was published for prestashop/ps_checkout (Composer) Oct 16, 2025
iNem0o Credited to iNem0o
libsodium has Incomplete List of Disallowed Inputs Moderate
CVE-2025-69277 was published for PyNaCl (Composer) Dec 31, 2025
Craft CMS has Twig Function Blocklist Bypass Moderate
CVE-2026-28783 was published for craftcms/cms (Composer) Mar 3, 2026
mHe4am Credited to mHe4am
Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items Moderate
CVE-2026-33628 was published for invoiceninja/invoiceninja (Composer) Mar 24, 2026
morimori-dev Credited to morimori-dev
Kimai leaks API Token Hash via Invoice Twig Template Low
GHSA-rh42-6rj2-xwmc was published for kimai/kimai (Composer) Apr 14, 2026
hett-patell Credited to hett-patell
OpenMage LTS has a Path Traversal Filter Bypass in Dataflow Module Moderate
CVE-2026-25525 was published for openmage/magento-lts (Composer) Apr 21, 2026
October CMS has Safe Mode Bypass via CSS Preprocessor Compilers Moderate
CVE-2026-26067 was published for october/system (Composer) Apr 21, 2026
Neosprings Credited to Neosprings and daftspunk daftspunk daftspunk
October CMS has Safe Mode Bypass via Twig Database Write Operations Moderate
CVE-2026-26274 was published for october/october (Composer) Apr 21, 2026
Neosprings Credited to Neosprings and daftspunk daftspunk daftspunk
Symfony has an HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification Moderate
CVE-2026-45066 was published for symfony/html-sanitizer (Composer) May 27, 2026
nicolas-grekas Credited to nicolas-grekas
Spatie Laravel Media Library contains a file upload restriction bypass High
CVE-2026-48557 was published for spatie/laravel-medialibrary (Composer) May 29, 2026
tonghuaroot Credited to tonghuaroot and nicolas-grekas nicolas-grekas nicolas-grekas
ProTip! Advisories are also available from the GraphQL API