Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

6 advisories

Loading
Pimcore has a WordExport Authorization Bypass for Unauthorized Document Export Moderate
CVE-2026-45703 was published for pimcore/pimcore (Composer) May 27, 2026
HuajiHD Credited to HuajiHD
Kirby CMS's system API endpoint leaks installed version and license data to authenticated users Moderate
CVE-2026-42051 was published for getkirby/cms (Composer) May 4, 2026
HuajiHD Credited to HuajiHD and 0x-bala 0x-bala 0x-bala
Craft CMS has a host header injection leading to SSRF via resource-js endpoint Moderate
CVE-2026-41130 was published for craftcms/cms (Composer) Apr 14, 2026
HuajiHD Credited to HuajiHD
Saloon has a Fixture Name Path Traversal Vulnerability Moderate
CVE-2026-33183 was published for saloonphp/saloon (Composer) Mar 25, 2026
HuajiHD Credited to HuajiHD, JonPurvis, and Sammyjo20 JonPurvis JonPurvis
Sammyjo20 Sammyjo20
Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL Moderate
CVE-2026-33182 was published for saloonphp/saloon (Composer) Mar 25, 2026
HuajiHD Credited to HuajiHD, JonPurvis, and Sammyjo20 JonPurvis JonPurvis
Sammyjo20 Sammyjo20
league/commonmark has an embed extension allowed_domains bypass Moderate
CVE-2026-33347 was published for league/commonmark (Composer) Mar 19, 2026
HuajiHD Credited to HuajiHD
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database