Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,476
Erlang
33
GitHub Actions
24
Go
2,203
Maven
5,000+
npm
3,857
NuGet
696
pip
3,639
Pub
12
RubyGems
912
Rust
913
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,477 advisories

Loading
Dcat-Admin Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-54775 was published for dcat/laravel-admin (Composer) Dec 28, 2024
TeamPass privileges issue Critical
CVE-2024-50703 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
TeamPass mail_me operation authorization issue Moderate
CVE-2024-50702 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
TeamPass does not properly check whether a folder is in a user's allowed folders list Moderate
CVE-2024-50701 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
LGSL has a reflected XSS at /lgsl_files/lgsl_list.php Moderate
CVE-2024-56517 was published for tltneon/lgsl (Composer) Dec 30, 2024
tCu0n9
The wp-enable-svg WordPress plugin does not sanitize SVG files when uploaded Moderate
CVE-2024-11184 was published for mwdelaney/wp-enable-svg (Composer) Jan 2, 2025
Rudloff
phpMyFAQ Vulnerable to Stored HTML Injection at FAQ Moderate
CVE-2024-56199 was published for phpmyfaq/phpmyfaq (Composer) Jan 2, 2025
geo-chen
PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file High
CVE-2024-56408 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in the constructor of the Downloader class High
CVE-2024-56365 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in the Accounting.php file High
CVE-2024-56366 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in Currency.php file High
CVE-2024-56409 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability in custom properties Moderate
CVE-2024-56410 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header Moderate
CVE-2024-56411 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters Moderate
CVE-2024-56412 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
Extension:TabberNeue vulnerable to Cross-site Scripting High
CVE-2025-21612 was published for starcitizentools/tabber-neue (Composer) Jan 6, 2025
BlankEclair
Guzzle OAuth Subscriber has insufficient nonce entropy Moderate
CVE-2025-21617 was published for guzzlehttp/oauth-subscriber (Composer) Jan 6, 2025
psyker156
Grav Cross-site Scripting vulnerability Low
CVE-2024-35498 was published for getgrav/grav (Composer) Jan 6, 2025
REDAXO CMS Cross-site Scripting vulnerability Low
CVE-2024-46209 was published for redaxo/source (Composer) Jan 6, 2025
PHP-Textile has persistent XSS vulnerability in image link handling High
GHSA-95m2-chm4-mq7m was published for netcarver/textile (Composer) Jan 7, 2025
Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale Moderate
CVE-2025-22145 was published for nesbot/carbon (Composer) Jan 8, 2025
Duplicate Advisory: Stored XSS in REDAXO Moderate
GHSA-mfx6-jvw8-53fm was published for redaxo/redaxo (Composer) Jan 9, 2025 withdrawn
Drupal Open Social allows Functionality Misuse Moderate
CVE-2024-13274 was published for goalgorilla/open_social (Composer) Jan 9, 2025
Microweber Cross-site Scripting vulnerability Moderate
CVE-2024-33297 was published for microweber/microweber (Composer) Jan 10, 2025
Microweber Cross-site Scripting vulnerability Moderate
CVE-2024-33298 was published for microweber/microweber (Composer) Jan 10, 2025
Microweber Cross-site Scripting vulnerability Moderate
CVE-2024-33299 was published for microweber/microweber (Composer) Jan 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database