Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

Loading
Statamic CMS's unsafe method invocation via collection sorting allows data destruction High
CVE-2026-49287 was published for statamic/cms (Composer) Jun 26, 2026
Eszh Credited to Eszh
Kirby CMS has an Arbitrary Method Call via REST API Search and Collection Query Endpoints High
CVE-2026-44174 was published for getkirby/cms (Composer) May 26, 2026
mojamojam Credited to mojamojam
Craft CMS has Potential Authenticated Remote Code Execution via Malicious Attached Behavior High
CVE-2026-44011 was published for craftcms/cms (Composer) May 6, 2026
precicom-vincent-tl Credited to precicom-vincent-tl
Statamic: Unsafe method invocation via query value resolution allows data destruction High
CVE-2026-41175 was published for statamic/cms (Composer) Apr 16, 2026
joshuaalwin Credited to joshuaalwin and kodareef5 kodareef5 kodareef5
Craft CMS is Vulnerable to Authenticated Remote Code Execution via Malicious Attached Behavior High
CVE-2026-33157 was published for craftcms/cms (Composer) Mar 24, 2026
yuma4869 Credited to yuma4869
Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController High
CVE-2026-32264 was published for craftcms/cms (Composer) Mar 16, 2026
Craft CMS vulnerable to behavior injection RCE via EntryTypesController High
CVE-2026-32263 was published for craftcms/cms (Composer) Mar 16, 2026
q1uf3ng Credited to q1uf3ng
Craft CMS Vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior High
CVE-2026-25498 was published for craftcms/cms (Composer) Feb 9, 2026
RajChowdhury240 Credited to RajChowdhury240 and rlarabee rlarabee rlarabee
Craft CMS vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior High
CVE-2025-68455 was published for craftcms/cms (Composer) Jan 5, 2026
chutchut Credited to chutchut
Unsafe Reflection in base Component class in yiisoft/yii2 High
CVE-2024-4990 was published for yiisoft/yii2 (Composer) Jun 2, 2024
zonia3000 Credited to zonia3000, mtangoo, iBotPeaches, and rob006 mtangoo mtangoo
iBotPeaches iBotPeaches rob006 rob006
ProTip! Advisories are also available from the GraphQL API