Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,476
Erlang
33
GitHub Actions
24
Go
2,203
Maven
5,000+
npm
3,857
NuGet
696
pip
3,639
Pub
12
RubyGems
912
Rust
913
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,199 advisories

Loading
TastyIgniter Has an Incorrect Access Control Vulnerability via `invoice()` Function High
CVE-2024-44313 was published for tastyigniter/tastyigniter (Composer) Mar 18, 2025
Snipe-IT remote code execution High
CVE-2024-48987 was published for snipe/snipe-it (Composer) Oct 11, 2024
SameSite Attribute vulnerability in pimCore High
CVE-2023-25240 was published for pimcore/pimcore (Composer) Feb 13, 2023
Unsafe Reflection in base Component class in yiisoft/yii2 High
CVE-2024-4990 was published for yiisoft/yii2 (Composer) Jun 2, 2024
zonia3000 mtangoo
iBotPeaches rob006
Adobe Commerce Path Traversal High
CVE-2025-24406 was published for magento/community-edition (Composer) Feb 11, 2025
Adobe Commerce Improper Authorization vulnerability High
CVE-2025-24409 was published for magento/community-edition (Composer) Feb 11, 2025
Formwork improperly validates input of User role preventing site and panel availability High
GHSA-c85w-x26q-ch87 was published for getformwork/formwork (Composer) Mar 1, 2025
Kyokito1412 giuscris
The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding High
CVE-2025-27773 was published for simplesamlphp/saml2 (Composer) Mar 11, 2025
ahacker1-securesaml ZeiP
Symfony vulnerable to command execution hijack on Windows with Process class High
CVE-2024-51736 was published for symfony/process (Composer) Nov 6, 2024
nicolas-grekas paulblei
phpseclib Infinite Loop vulnerability High
CVE-2023-27560 was published for phpseclib/phpseclib (Composer) Mar 3, 2023
janedbal
XXE in PHPSpreadsheet's XLSX reader High
CVE-2024-48917 was published for phpoffice/phpexcel (Composer) Nov 18, 2024
antoniospataro Antonio-R1
PhpSpreadsheet allows unauthorized Reflected XSS in the constructor of the Downloader class High
CVE-2024-56365 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in the Accounting.php file High
CVE-2024-56366 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file High
CVE-2024-56408 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in Currency.php file High
CVE-2024-56409 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
XmlScanner bypass leads to XXE High
CVE-2024-47873 was published for phpoffice/phpexcel (Composer) Nov 18, 2024
Antonio-R1 antoniospataro
XXE in PHPSpreadsheet's XLSX reader High
CVE-2024-45293 was published for phpoffice/phpexcel (Composer) Oct 7, 2024
0xshade ixSly
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file High
CVE-2024-45290 was published for phpoffice/phpexcel (Composer) Oct 7, 2024
emilvirkki
XXE in PHPSpreadsheet encoding is returned High
CVE-2024-45048 was published for phpoffice/phpexcel (Composer) Aug 29, 2024
bytehope chinh2597
cavias
XXE in PHPSpreadsheet due to encoding issue High
CVE-2018-19277 was published for phpoffice/phpexcel (Composer) Nov 20, 2019
MarkLee131
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue High
CVE-2019-12331 was published for phpoffice/phpexcel (Composer) Nov 20, 2019
MarkLee131
Magento Open Source allows Improper Input Validation High
CVE-2024-20758 was published for magento/community-edition (Composer) Apr 10, 2024
Magento Open Source allows OS Command Injection High
CVE-2024-20720 was published for magento/community-edition (Composer) Feb 15, 2024
Magento Open Source allows Cross-Site Scripting (XSS) High
CVE-2024-20719 was published for magento/community-edition (Composer) Feb 15, 2024
Magento Open Source allows Improper Neutralization of Special Elements Used High
CVE-2023-38208 was published for magento/community-edition (Composer) Aug 9, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database