GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
5,082 advisories
Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter
High
CVE-2025-66305
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel
Moderate
CVE-2025-66306
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav vulnerable to Path Traversal allowing server files backup
Moderate
CVE-2025-66302
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav Admin Plugin vulnerable to User Enumeration & Email Disclosure
Moderate
CVE-2025-66307
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav Admin Plugin is vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]`
Moderate
CVE-2025-66312
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Multiples parameters
Moderate
CVE-2025-66311
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav Exposes Password Hashes Leading to privilege escalation
Moderate
CVE-2025-66304
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav is vulnerable to a DOS on the admin panel
Moderate
CVE-2025-66303
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions
High
CVE-2025-66301
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav is vulnerable to Arbitrary File Read
High
CVE-2025-66300
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav is Vulnerable to Security Sandbox Bypass with SSTI (Server Side Template Injection)
High
CVE-2025-66299
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check Allows Admin Account Takeover
High
CVE-2025-66296
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
REDAXO CMS is vulnerable to Reflected XSS in Mediapool Info Banner via args[types]
Moderate
CVE-2025-66026
was published
for
redaxo/source
(Composer)
Nov 25, 2025
Contao is vulnerable to cross-site scripting in templates
Low
CVE-2025-65961
was published
for
contao/core-bundle
(Composer)
Nov 25, 2025
Contao is vulnerable to remote code execution in template closures
Moderate
CVE-2025-65960
was published
for
contao/core-bundle
(Composer)
Nov 25, 2025
Formwork CMS has Stored Cross-Site Scripting Vulnerebility in Blog Tags
Moderate
CVE-2025-65956
was published
for
getformwork/formwork
(Composer)
Nov 24, 2025
ProTip!
Advisories are also available from the
GraphQL API