
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6 advisories

CraftCMS's `ElementSearchController` Affected by Blind SQL Injection (Severity: High)
CVE-2026-31858 was published for craftcms/cms (Composer) Mar 11, 2026
Credited to Neosprings
Sylius has a DQL Injection via API Order Filters (Severity: Moderate)
CVE-2026-31825 was published for sylius/sylius (Composer) Mar 11, 2026
Credited to Neosprings
Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs (Severity: High)
CVE-2026-28425 was published for statamic/cms (Composer) Mar 1, 2026
Credited to Neosprings
Statamic is vulnerable to account takeover via password reset link injection (Severity: Critical)
CVE-2026-27593 was published for statamic/cms (Composer) Feb 24, 2026
Credited to Neosprings
Statamic CMS vulnerable to privilege escalation via stored cross-site scripting (Severity: High)
CVE-2026-25759 was published for statamic/cms (Composer) Feb 11, 2026
Credited to Neosprings
Statamic CMS's missing authorization allows access to assets (Severity: Moderate)
CVE-2026-25633 was published for statamic/cms (Composer) Feb 11, 2026
Credited to Neosprings