Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,968
Erlang
39
GitHub Actions
38
Go
2,616
Maven
5,000+
npm
4,255
NuGet
760
pip
4,040
Pub
12
RubyGems
953
Rust
1,050
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4 advisories

Loading
MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling High
CVE-2025-47776 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
dregad piru
Credited to dregad and piru
TCPDF has incorrect comparison High
CVE-2024-56522 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
Codiad Vulnerable to PHP Magic Hash Vulnerability High
CVE-2020-23355 was published for codiad/codiad (Composer) May 24, 2022
Knock Knock plugin IP Whitelist bypass via an X-Forwarded-For HTTP header Critical
CVE-2020-13485 was published for verbb/knock-knock (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database