Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,353
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3 advisories

Loading
Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass High
CVE-2025-66294 was published for getgrav/grav (Composer) Dec 2, 2025
nakkouchtarek
Credited to nakkouchtarek
Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions High
CVE-2025-66301 was published for getgrav/grav (Composer) Dec 2, 2025
nakkouchtarek
Credited to nakkouchtarek
listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user Critical
CVE-2025-49136 was published for github.com/knadh/listmonk (Go) Jun 9, 2025
nakkouchtarek
Credited to nakkouchtarek
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database