Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
Pterodactyl has a database resource limit bypass via race condition in Client API Low
CVE-2026-35202 was published for pterodactyl/panel (Composer) May 26, 2026
UDPSendToFailed Credited to UDPSendToFailed
twig/intl-extra: Unbounded formatter memoisation in keyed on template-controlled arguments Low
CVE-2026-46629 was published for twig/intl-extra (Composer) May 21, 2026
FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service Moderate
CVE-2026-45802 was published for setasign/fpdi (Composer) May 19, 2026
esnard Credited to esnard
PhpSpreadsheet has CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions High
CVE-2026-40902 was published for phpoffice/phpspreadsheet (Composer) Apr 29, 2026
offset Credited to offset
PhpSpreadsheet has CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader High
CVE-2026-40863 was published for phpoffice/phpspreadsheet (Composer) Apr 29, 2026
offset Credited to offset
PocketMine-MP: JSON decoding of unlimited size large arrays/objects in ModalFormResponse Handling High
GHSA-788v-5pfp-93ff was published for pocketmine/pocketmine-mp (Composer) Apr 6, 2026
Zwuiix-cmd Credited to Zwuiix-cmd and dktapps dktapps dktapps
TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service Moderate
CVE-2026-33541 was published for miraheze/ts-portal (Composer) Mar 27, 2026
Universal-Omega Credited to Universal-Omega
ConcreteCMS is vulnerable to Denial of Service During Bulk Downloads Moderate
CVE-2026-30662 was published for concrete5/concrete5 (Composer) Mar 24, 2026
AVideo Affected by Unauthenticated Disk Space Exhaustion via Unlimited Temp File Creation in aVideoEncoderChunk.json.php High
CVE-2026-33483 was published for wwbn/avideo (Composer) Mar 20, 2026
offset Credited to offset
Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits Moderate
CVE-2026-26047 was published for moodle/moodle (Composer) Feb 21, 2026
solspace/craft-freeform Has a DoS Vulnerability Low
GHSA-58q2-9x27-h2jm was published for solspace/craft-freeform (Composer) Jan 15, 2026
LeonBatch Credited to LeonBatch
Unauthenticated Craft CMS users can trigger a database backup High
CVE-2025-68456 was published for craftcms/cms (Composer) Jan 5, 2026
h4x0r-dz Credited to h4x0r-dz
MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length Moderate
CVE-2025-46556 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
TheAmazeng Credited to TheAmazeng and dregad dregad dregad
PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking High
GHSA-fqqv-56h5-f57g was published for pocketmine/pocketmine-mp (Composer) Sep 2, 2025
Zwuiix-cmd Credited to Zwuiix-cmd and dktapps dktapps dktapps
FPDI allows Memory Exhaustion (OOM) in PDF Parser which leads to Denial of Service Moderate
CVE-2025-54869 was published for setasign/fpdi (Composer) Aug 5, 2025
N0zoM1z0 Credited to N0zoM1z0
Drupal Admin Audit Trail Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2025-48448 was published for drupal/admin_audit_trail (Composer) Jun 11, 2025
PocketMine-MP allows malicious client data to waste server resources due to lack of limits for explode() Moderate
GHSA-g274-c6jj-h78p was published for pocketmine/pocketmine-mp (Composer) Mar 10, 2025
TYPO3 Denial of Service in Online Media Asset Handling Moderate
GHSA-f3wf-q4fj-3gxf was published for typo3/cms (Composer) Jun 7, 2024
TYPO3 Denial of Service in Frontend Record Registration High
GHSA-g585-crjf-vhwq was published for typo3/cms (Composer) Jun 7, 2024
Flooding Server with Thumbnail files High
CVE-2024-32871 was published for pimcore/pimcore (Composer) Jun 4, 2024
jheimbach Credited to jheimbach and dandanx dandanx dandanx
TYPO3 Denial of Service in Frontend Record Registration High
GHSA-hjx5-v9xg-7h25 was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Denial of Service in Online Media Asset Handling Moderate
GHSA-29m4-mx89-3mjg was published for typo3/cms-core (Composer) May 30, 2024
amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames High
GHSA-w8gf-g2vq-j2f4 was published for amphp/http-client (Composer) Apr 3, 2024
bartekn Credited to bartekn
Uncontrolled Resource Consumption in moodle High
CVE-2024-25978 was published for moodle/moodle (Composer) Feb 19, 2024
Bref's Uploaded Files Not Deleted in Event-Driven Functions Moderate
CVE-2024-24752 was published for bref/bref (Composer) Feb 1, 2024
smaury Credited to smaury and mnapoli mnapoli mnapoli
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database