GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,029
Maven: 5,000+
npm: 5,000+
NuGet: 976
pip: 5,000+
Pub: 13
RubyGems: 1,070
Rust: 1,404
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
5,986 advisories
CakePHP Authentication: Open redirect weakness via backslash bypass
Moderate | CVE-2026-55590 was published for cakephp/authentication (Composer) | Jun 17, 2026

Filament: Disabled RichEditor field state can be used for XSS
High | CVE-2026-55409 was published for filament/forms (Composer) | Jun 17, 2026

Laravel Framework: Temporary Signed URL Path Confusion
Moderate | GHSA-crmm-hgp2-wgrp was published for laravel/framework (Composer) | Jun 17, 2026

Laravel Framework: CRLF injection in default email rule
High | GHSA-5vg9-5847-vvmq was published for laravel/framework (Composer) | Jun 17, 2026

phpseclib: X.509 certificate validation sends attacker-controlled outbound requests (server-side request forgery) via Authority Information Access
Moderate | GHSA-m557-wrgg-6rp4 was published for phpseclib/phpseclib (Composer) | Jun 16, 2026

Symfony: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization
Moderate | CVE-2026-48784 was published for symfony/routing (Composer) | Jun 15, 2026

Symfony: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks and Unicode Whitespace Bypass Visual-Spoofing Defense
Moderate | CVE-2026-48760 was published for symfony/html-sanitizer (Composer) | Jun 15, 2026

Symfony: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade
Moderate | CVE-2026-48747 was published for symfony/mailomat-mailer (Composer) | Jun 15, 2026

Symfony: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient
Moderate | CVE-2026-48736 was published for symfony/http-client (Composer) | Jun 15, 2026

Symfony: Security Firewall Bypass via failure_forward Subrequest: Unauthenticated Access to access_control-Protected GET Routes
High | CVE-2026-48489 was published for symfony/security-http (Composer) | Jun 15, 2026

Symfony: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes
Moderate | CVE-2026-48761 was published for symfony/html-sanitizer (Composer) | Jun 15, 2026

TYPO3 CMS has Broken Access Control in its Form Framework
High | CVE-2026-11607 was published for typo3/cms-core (Composer) | Jun 12, 2026

TYPO3 CMS has Broken Access Control in the Recycler Module
Moderate | CVE-2026-47349 was published for typo3/cms-core (Composer) | Jun 12, 2026

TYPO3 CMS has an Open Redirect Vulnerability via Core Utilities
Moderate | CVE-2026-47347 was published for typo3/cms-core (Composer) | Jun 12, 2026

TYPO3 CMS: Destructive Actions on File Mount Folders
High | CVE-2026-47343 was published for typo3/cms-core (Composer) | Jun 12, 2026

TYPO3 HTML Sanitizer allows Cross-site Scripting
Moderate | CVE-2026-47345 was published for typo3/html-sanitizer (Composer) | Jun 12, 2026

TYPO3 CMS has Privilege Escalation & SQL Injection in its Form Framework
High | CVE-2026-49741 was published for typo3/cms-core (Composer) | Jun 12, 2026

TYPO3 CMS has Broken Access Control in its DataHandler
Moderate | CVE-2026-47350 was published for typo3/cms-core (Composer) | Jun 12, 2026

TYPO3 CMS has Broken Access Control in its Form Framework
High | CVE-2026-47346 was published for typo3/cms-core (Composer) | Jun 12, 2026

TYPO3 CMS has Broken Access Control in its Media Module
High | CVE-2026-49742 was published for typo3/cms-core (Composer) | Jun 12, 2026

TYPO3 CMS has Insecure Deserialization via Core API
Moderate | CVE-2026-49740 was published for typo3/cms-core (Composer) | Jun 12, 2026

TYPO3 CMS has Broken Access Control in its File Abstraction Layer
Low | CVE-2026-49738 was published for typo3/cms-core (Composer) | Jun 12, 2026

TYPO3 CMS has Broken Access Control in Backend API
Moderate | CVE-2026-47352 was published for typo3/cms-backend (Composer) | Jun 12, 2026

TYPO3 CMS: Broken Access Control in Media Module
Moderate | CVE-2026-47351 was published for typo3/cms-backend (Composer) | Jun 12, 2026

TYPO3 CMS has Cross-Site Scripting in Indexed Search
Moderate | CVE-2026-47348 was published for typo3/cms-core (Composer) | Jun 12, 2026

ProTip! Advisories are also available from the GraphQL API.