Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

16 advisories

Loading
Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens Moderate
CVE-2026-45701 was published for sulu/sulu (Composer) May 18, 2026
gangadhar-s-k Credited to gangadhar-s-k, mamazu, alexander-schranz, and Prokyonn mamazu mamazu
alexander-schranz alexander-schranz Prokyonn Prokyonn
AVideo has an unauthenticated decrypt oracle leaking any ciphertext High
CVE-2026-33512 was published for wwbn/avideo (Composer) Mar 20, 2026
Ahmad-jarwan Credited to Ahmad-jarwan
AWS SDK for PHP's S3 Encryption Client has a Key Commitment Issue Moderate
CVE-2025-14761 was published for aws/aws-sdk-php (Composer) Dec 18, 2025
YesWiki Uses a Broken or Risky Cryptographic Algorithm High
CVE-2024-51478 was published for yeswiki/yeswiki (Composer) Oct 31, 2024
Nishacid Credited to Nishacid
fuel/core Crypt encryption compromised. Moderate
GHSA-fgrx-4637-fcf5 was published for fuel/core (Composer) May 15, 2024
asymmetricrypt/asymmetricrypt Padding Oracle Vulnerability in RSA Encryption Moderate
GHSA-87mp-xc4x-x8rh was published for asymmetricrypt/asymmetricrypt (Composer) May 15, 2024
PHP Censor uses a weak hashing algorithm for the remember me key Moderate
CVE-2024-34914 was published for php-censor/php-censor (Composer) May 14, 2024
LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0 High
CVE-2022-31158 was published for packbackbooks/lti-1-3-php-library (Composer) Jul 15, 2022
LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0 High
CVE-2022-31157 was published for packbackbooks/lti-1-3-php-library (Composer) Jul 15, 2022
PHP JOSE Library by Gree Inc. Uses a Broken or Risky Cryptographic Algorithm High
CVE-2016-5431 was published for gree/jose (Composer) May 24, 2022
Magento 2 Community Edition Cryptographic Flaw High
CVE-2019-7858 was published for magento/community-edition (Composer) May 24, 2022
Laravel Framework XSS in Blade templating engine Moderate
CVE-2021-43808 was published for illuminate/view (Composer) Dec 8, 2021
chinpei215 Credited to chinpei215
Use of a Broken or Risky Cryptographic Algorithm Low
CVE-2021-27913 was published for mautic/core (Composer) Sep 1, 2021
michaellrowley Credited to michaellrowley, mohit-rocks, and tdunlap607 mohit-rocks mohit-rocks
tdunlap607 tdunlap607
Reliance on Cookies without validation in OctoberCMS Moderate
CVE-2020-15128 was published for october/rain (Composer) Aug 5, 2020
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS High
CVE-2020-15098 was published for typo3/cms (Composer) Jul 29, 2020
ohader Credited to ohader
Unauthenticated crypto and weak IV in Magento\Framework\Encryption High
CVE-2016-6485 was published for magento/community-edition (Composer) Nov 20, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database