Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,549
Maven
5,000+
npm
5,000+
NuGet
917
pip
4,798
Pub
13
RubyGems
1,038
Rust
1,237
Swift
53
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
October Rain has Stored XSS via SVG Filter Bypass Moderate
CVE-2026-25133 was published for october/rain (Composer) Apr 14, 2026
daftspunk Credited to daftspunk
October Rain has Environment Variable Exfiltration via INI Parser Interpolation Moderate
CVE-2026-25125 was published for october/rain (Composer) Apr 14, 2026
daftspunk Credited to daftspunk
October CMS has Stored XSS in Event Log Mail Preview Moderate
CVE-2026-24907 was published for october/system (Composer) Apr 14, 2026
Neosprings Credited to Neosprings and daftspunk daftspunk daftspunk
October CMS has Stored XSS in Backend Editor Markup Classes Moderate
CVE-2026-24906 was published for october/system (Composer) Apr 14, 2026
Neosprings Credited to Neosprings and daftspunk daftspunk daftspunk
October Rain has a Twig Sandbox Bypass via Collection Methods Moderate
CVE-2026-22692 was published for october/rain (Composer) Apr 14, 2026
lukasz-rybak Credited to lukasz-rybak and daftspunk daftspunk daftspunk
October CMS Vulnerable to Stored XSS via Branding Styles Moderate
CVE-2025-61676 was published for october/system (Composer) Jan 9, 2026
nakkouchtarek Credited to nakkouchtarek and daftspunk daftspunk daftspunk
October CMS Vulnerable to Stored XSS via Editor and Branding Styles Moderate
CVE-2025-61674 was published for october/system (Composer) Jan 9, 2026
nakkouchtarek Credited to nakkouchtarek and daftspunk daftspunk daftspunk
Withdrawn Advisory: October Cross-site Scripting vulnerability Moderate
CVE-2023-43876 was published for october/cms (Composer) Sep 28, 2023 withdrawn
daftspunk Credited to daftspunk
October CMS Safe Mode bypass leads to authenticated Remote Code Execution High
CVE-2022-35944 was published for october/system (Composer) Oct 13, 2022
cydave Credited to cydave and daftspunk daftspunk daftspunk
October CMS CSRF High
CVE-2017-16244 was published for october/october (Composer) May 13, 2022
daftspunk Credited to daftspunk
October CMS XSS Moderate
CVE-2017-1000193 was published for october/october (Composer) May 13, 2022
daftspunk Credited to daftspunk
October CMS File Upload Vulnerability Critical
CVE-2017-1000194 was published for october/october (Composer) May 13, 2022
daftspunk Credited to daftspunk
October CMS - RainLab Blog Plugin XSS Moderate
CVE-2018-7198 was published for rainlab/blog-plugin (Composer) May 13, 2022
daftspunk Credited to daftspunk
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database