GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
Statamic CMS's missing authorization allows access to assets
Moderate
CVE-2026-25633
was published
for
statamic/cms
(Composer)
Feb 11, 2026
Statamic CMS vulnerable to privilege escalation via stored cross-site scripting
High
CVE-2026-25759
was published
for
statamic/cms
(Composer)
Feb 11, 2026
Statamic is vulnerable to account takeover via password reset link injection
Critical
CVE-2026-27593
was published
for
statamic/cms
(Composer)
Feb 24, 2026
Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs
High
CVE-2026-28425
was published
for
statamic/cms
(Composer)
Mar 1, 2026
Sylius has a DQL Injection via API Order Filters
Moderate
CVE-2026-31825
was published
for
sylius/sylius
(Composer)
Mar 11, 2026
CraftCMS's `ElementSearchController` Affected by Blind SQL Injection
High
CVE-2026-31858
was published
for
craftcms/cms
(Composer)
Mar 11, 2026
CraftCMS has an RCE vulnerability via relational conditionals in the control panel
High
CVE-2026-31857
was published
for
craftcms/cms
(Composer)
Mar 11, 2026
RCE via SSTI for users with permissions to access the Craft CMS Webhooks plugin
High
CVE-2026-32261
was published
for
craftcms/webhooks
(Composer)
Mar 16, 2026
Amazon S3 for Craft CMS has an Information Disclosure vulnerability
Moderate
CVE-2026-32265
was published
for
craftcms/aws-s3
(Composer)
Mar 16, 2026
Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability
High
CVE-2026-32268
was published
for
craftcms/azure-blob
(Composer)
Mar 16, 2026
Craft CMS Vulnerable to Stored XSS in Revision Context Menu
Moderate
CVE-2026-33051
was published
for
craftcms/cms
(Composer)
Mar 18, 2026
ProTip!
Advisories are also available from the
GraphQL API