GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,778 advisories
laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Critical
GHSA-9fwj-9mjf-rhj3
was published
for
auth0/login
(Composer)
May 17, 2025
Auth0 Wordpress plugin Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Critical
GHSA-2f4r-34m4-3w8q
was published
for
auth0/wordpress
(Composer)
May 17, 2025
Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Critical
GHSA-9wg9-93h9-j8ch
was published
for
auth0/symfony
(Composer)
May 17, 2025
Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK
Critical
CVE-2025-47275
was published
for
auth0/auth0-php
(Composer)
May 16, 2025
tarteaucitron-wp WordPress Plugin Vulnerable to Stored Cross-Site Scripting
Moderate
CVE-2024-11718
was published
for
couleurcitron/tarteaucitron-wp
(Composer)
May 15, 2025
Sulu vulnerable to XXE in SVG File upload Inspector
Moderate
CVE-2025-47778
was published
for
sulu/sulu
(Composer)
May 15, 2025
Kirby vulnerable to path traversal of snippet names in the `snippet()` helper
Moderate
CVE-2025-30159
was published
for
getkirby/kirby
(Composer)
May 13, 2025
league/commonmark contains a XSS vulnerability in Attributes extension
Moderate
CVE-2025-46734
was published
for
league/commonmark
(Composer)
May 5, 2025
Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI
High
CVE-2025-46731
was published
for
craftcms/cms
(Composer)
May 5, 2025
October CMS Allows Unprotected SVG Rename in Media Manager
Low
CVE-2024-51991
was published
for
october/october
(Composer)
May 5, 2025
SQL injection in ADOdb PostgreSQL driver pg_insert_id() method
Critical
CVE-2025-46337
was published
for
adodb/adodb-php
(Composer)
May 1, 2025
YesWiki Stored XSS Vulnerability in Comments
Low
CVE-2025-46346
was published
for
yeswiki/yeswiki
(Composer)
Apr 29, 2025
YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution
High
CVE-2025-46347
was published
for
yeswiki/yeswiki
(Composer)
Apr 29, 2025
YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download
Critical
CVE-2025-46348
was published
for
yeswiki/yeswiki
(Composer)
Apr 29, 2025
Yeswiki Vulnerable to Authenticated Reflected Cross-site Scripting
Low
CVE-2025-46350
was published
for
yeswiki/yeswiki
(Composer)
Apr 29, 2025
Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting
Moderate
CVE-2025-46550
was published
for
yeswiki/yeswiki
(Composer)
Apr 29, 2025
ProTip!
Advisories are also available from the
GraphQL API