GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
25,668 advisories
pnpm has symlink traversal in file:/git dependencies
Moderate
CVE-2026-24056
was published
for
pnpm
(npm)
Jan 26, 2026
phpMyFAQ: Public API endpoints expose emails and invisible questions
Moderate
CVE-2026-24422
was published
for
phpmyfaq/phpmyfaq
(Composer)
Jan 23, 2026
phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing)
Moderate
CVE-2026-24421
was published
for
phpmyfaq/phpmyfaq
(Composer)
Jan 23, 2026
phpMyFAQ: Attachment download allowed without dlattachment right (broken access control)
Moderate
CVE-2026-24420
was published
for
phpmyfaq/phpmyfaq
(Composer)
Jan 23, 2026
XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages
Moderate
CVE-2026-24128
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Jan 23, 2026
Moodle affected by a code injection vulnerability
High
CVE-2025-67847
was published
for
moodle/moodle
(Composer)
Jan 23, 2026
ProTip!
Advisories are also available from the
GraphQL API