GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,263 advisories
Pimcore has a WordExport Authorization Bypass for Unauthorized Document Export
Moderate
CVE-2026-45703
was published
for
pimcore/pimcore
(Composer)
May 27, 2026
Synfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
Moderate
CVE-2026-45075
was published
for
symfony/http-kernel
(Composer)
May 27, 2026
Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
Moderate
CVE-2026-45074
was published
for
symfony/security-http
(Composer)
May 27, 2026
Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix
Moderate
CVE-2026-45073
was published
for
symfony/cache
(Composer)
May 27, 2026
Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names
Moderate
CVE-2026-45070
was published
for
symfony/mime
(Composer)
May 27, 2026
Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing
Moderate
CVE-2026-45064
was published
for
symfony/html-sanitizer
(Composer)
May 27, 2026
Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions
Moderate
CVE-2026-45334
was published
for
getkirby/cms
(Composer)
May 27, 2026
Kirby CMS's `pages.access` permission is not checked during rendering of page drafts
Moderate
CVE-2026-44176
was published
for
getkirby/cms
(Composer)
May 26, 2026
CraftCMS vulnerable to reflective XSS via incomplete return URL sanitization
Moderate
CVE-2026-31859
was published
for
craftcms/cms
(Composer)
Mar 11, 2026
FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service
Moderate
CVE-2026-45802
was published
for
setasign/fpdi
(Composer)
May 19, 2026
AVideo: Unauthenticated Arbitrary Image Read via Path Traversal in `view/img/image404Raw.php`
Moderate
CVE-2026-46337
was published
for
WWBN/AVideo
(Composer)
May 19, 2026
MantisBT Has Authorization Bypass in Global Profile Creation
Moderate
CVE-2026-33052
was published
for
mantisbt/mantisbt
(Composer)
May 11, 2026
ProTip!
Advisories are also available from the
GraphQL API