GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
23 advisories
Filter by severity
CodeIgniter4 allows spoofing of IP address when using proxy
High
CVE-2022-23556
was published
for
codeigniter4/framework
(Composer)
Dec 22, 2022
Payment information sent to PayPal not necessarily identical to created order
High
CVE-2023-23941
was published
for
swag/paypal
(Composer)
Feb 3, 2023
Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability
Moderate
CVE-2023-5548
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
Validation of SignedInfo
High
CVE-2023-49087
was published
for
simplesamlphp/saml2
(Composer)
Nov 28, 2023
Composer allows cache poisoning from other projects built on the same host
High
CVE-2015-8371
was published
for
composer/composer
(Composer)
Sep 21, 2023
Magento 2 Community Edition Security Bypass
High
CVE-2019-8112
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Edition Insufficient Logging
Moderate
CVE-2019-8124
was published
for
magento/community-edition
(Composer)
May 24, 2022
File reference keys leads to incorrect hashes on HMAC algorithms
Moderate
CVE-2021-41106
was published
for
lcobucci/jwt
(Composer)
Sep 29, 2021
Drupal Incorrect cache context on password reset page
High
CVE-2016-9450
was published
for
drupal/core
(Composer)
May 17, 2022
Laravel Reverb Missing API Signature Verification
High
CVE-2024-50347
was published
for
laravel/reverb
(Composer)
Oct 31, 2024
Moodle vulnerable to cache poisoning via injection into storage
Moderate
CVE-2024-43428
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
MantisBT lacks verification when changing a user's email address
Moderate
CVE-2025-55155
was published
for
mantisbt/mantisbt
(Composer)
Nov 3, 2025
Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK
Moderate
GHSA-f3r2-88mq-9v4g
was published
for
auth0/symfony
(Composer)
Dec 17, 2025
MineAdmin improperly refreshes tokens
Low
CVE-2026-1195
was published
for
mineadmin/mineadmin
(Composer)
Jan 20, 2026
WWBN AVideo Affected by a PayPal IPN Replay Attack Enabling Wallet Balance Inflation via Missing Transaction Deduplication in ipn.php
Moderate
CVE-2026-39366
was published
for
wwbn/avideo
(Composer)
Apr 8, 2026
Dolibarr has Insufficient Verification of Data Authenticity
Low
CVE-2026-7689
was published
for
dolibarr/dolibarr
(Composer)
May 3, 2026
OpenID Connect nonce generated but never validated — ID token replay attack
Moderate
CVE-2026-42206
was published
for
roadiz/openid
(Composer)
Apr 29, 2026
Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims
Moderate
CVE-2026-45069
was published
for
symfony/security-http
(Composer)
May 27, 2026
WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint
High
CVE-2026-47696
was published
for
WWBN/AVideo
(Composer)
Jun 4, 2026
symfony/ux-live-component: LiveComponentHydrator HMAC checksum lacks component and slot binding
Low
CVE-2026-49212
was published
for
symfony/ux-live-component
(Composer)
Jun 19, 2026
AVideo has an Authorize.Net Webhook Signature Bypass that Enables Wallet Balance Inflation via Forged Payment Data
Moderate
CVE-2026-33731
was published
for
wwbn/avideo
(Composer)
Jun 22, 2026
SimpleSAMLphp SP accepts a response from an unexpected IdP when unsigned `Response/InResponseTo` is combined with a signed assertion lacking `SubjectConfirmationData/InResponseTo`
High
CVE-2026-49284
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jul 2, 2026
PHP JWT Framework: JWSVerifier uses algorithm from unprotected header, enabling algorithm confusion attacks
High
GHSA-jc38-x7x8-2xc8
was published
for
web-token/jwt-bundle
(Composer)
Jun 18, 2026
ProTip!
Advisories are also available from the
GraphQL API