GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4 advisories
Statamic: Unsafe method invocation via query value resolution allows data destruction
High
CVE-2026-41175
was published
for
statamic/cms
(Composer)
Apr 16, 2026
Composer has a command injection via malicious perforce reference
High
CVE-2026-40261
was published
for
composer/composer
(Composer)
Apr 14, 2026
phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()
Low
CVE-2026-40194
was published
for
phpseclib/phpseclib
(Composer)
Apr 10, 2026
AVideo has SSRF Protection Bypass via HTTP Redirect in Image Download Endpoints
Moderate
CVE-2026-33766
was published
for
wwbn/avideo
(Composer)
Mar 26, 2026
ProTip!
Advisories are also available from the
GraphQL API