GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
62 advisories
Formie: Pre-authenticated server-side template injection in Hidden fields
Critical
CVE-2026-45697
was published
for
verbb/formie
(Composer)
May 18, 2026
Scramble vulnerable to remote code execution via evaluation of user-controlled input in validation rules
Critical
CVE-2026-44262
was published
for
dedoc/scramble
(Composer)
May 6, 2026
Grav Vulnerable to Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature
Critical
CVE-2026-42607
was published
for
getgrav/grav
(Composer)
May 5, 2026
Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API)
Critical
CVE-2026-41229
was published
for
froxlor/froxlor
(Composer)
Apr 16, 2026
WWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript Execution via Client-Side eval() Sinks
Critical
CVE-2026-40911
was published
for
wwbn/avideo
(Composer)
Apr 14, 2026
CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor
Critical
CVE-2026-25510
was published
for
ci4-cms-erp/ci4ms
(Composer)
Feb 2, 2026
Livewire is vulnerable to remote command execution during component property update hydration
Critical
CVE-2025-54068
was published
for
livewire/livewire
(Composer)
Jul 17, 2025
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
Critical
CVE-2025-49132
was published
for
pterodactyl/panel
(Composer)
Jun 19, 2025
Mautic allows Remote Code Execution and File Deletion in Asset Uploads
Critical
CVE-2024-47051
was published
for
mautic/core
(Composer)
Feb 26, 2025
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled
Critical
CVE-2024-56145
was published
for
craftcms/cms
(Composer)
Dec 18, 2024
October CMS safe mode bypass using Twig sandbox escape
Critical
CVE-2023-44382
was published
for
october/system
(Composer)
Nov 29, 2023
Cachet vulnerable to Authenticated Remote Code Execution
Critical
CVE-2023-43661
was published
for
cachethq/cachet
(Composer)
Oct 16, 2023
ProTip!
Advisories are also available from the
GraphQL API