Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,458
Erlang
33
GitHub Actions
22
Go
2,156
Maven
5,000+
npm
3,818
NuGet
693
pip
3,497
Pub
12
RubyGems
903
Rust
903
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,549 advisories

Loading
Concrete CMS affected by a stored XSS in Folder Function.The "Add Folder" functionality Moderate
CVE-2025-0660 was published for concrete5/concrete5 (Composer) Mar 10, 2025
Laravel framework susceptible to reflected cross-site scripting Moderate
CVE-2024-13919 was published for laravel/framework (Composer) Mar 10, 2025
PocketMine-MP allows malicious client data to waste server resources due to lack of limits for explode() Moderate
GHSA-g274-c6jj-h78p was published for pocketmine/pocketmine-mp (Composer) Mar 10, 2025
Laravel framework susceptible to reflected cross-site scripting Moderate
CVE-2024-13918 was published for laravel/framework (Composer) Mar 10, 2025
PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters Moderate
CVE-2025-23210 was published for phpoffice/phpexcel (Composer) Feb 3, 2025
PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability in custom properties Moderate
CVE-2024-56410 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header Moderate
CVE-2024-56411 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters Moderate
CVE-2024-56412 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
Cross-Site Scripting (XSS) vulnerability in generateNavigation() function in PhpSpreadsheet Moderate
CVE-2025-22131 was published for phpoffice/phpexcel (Composer) Jan 21, 2025
TRIKKSS
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks Moderate
CVE-2024-45292 was published for phpoffice/phpexcel (Composer) Oct 7, 2024
emilvirkki
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled Moderate
CVE-2024-45291 was published for phpoffice/phpexcel (Composer) Oct 7, 2024
emilvirkki
PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file Moderate
CVE-2024-45060 was published for phpoffice/phpexcel (Composer) Oct 7, 2024
stealthcopter
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information Moderate
CVE-2024-45046 was published for phpoffice/phpexcel (Composer) Aug 29, 2024
emilvirkki marcinwealthon
neodc
Cross-site scripting in phpoffice/phpspreadsheet Moderate
CVE-2020-7776 was published for phpoffice/phpexcel (Composer) May 6, 2021
Laravel has a File Validation Bypass Moderate
CVE-2025-27515 was published for laravel/framework (Composer) Mar 5, 2025
Jusb3 TrixterTheTux
REDAXO allows Arbitrary File Upload in the mediapool page Moderate
CVE-2025-27411 was published for redaxo/source (Composer) Mar 5, 2025
0xadik
User account enumeration in eZ Publish Ibexa Kernel Moderate
CVE-2021-46876 was published for ezsystems/ezpublish-kernel (Composer) Mar 12, 2023
REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation Moderate
CVE-2025-27412 was published for redaxo/source (Composer) Mar 5, 2025
0xadik
IDOR vulnerability in account profile page Moderate
CVE-2024-39319 was published for aimeos/ai-controller-frontend (Composer) Sep 26, 2024
ssshah2131
Cross Site Scripting in eZ Platform Ibexa Kernel Moderate
CVE-2021-46875 was published for ezsystems/ezplatform-kernel (Composer) Mar 12, 2023
Magento Open Source allows Cross-Site Scripting (XSS) Moderate
CVE-2024-20759 was published for magento/community-edition (Composer) Apr 10, 2024
Magento Open Source allows Cross-Site Request Forgery (CSRF) Moderate
CVE-2024-20718 was published for magento/community-edition (Composer) Feb 15, 2024
Magento Open Source allows Uncontrolled Resource Consumption Moderate
CVE-2024-20716 was published for magento/community-edition (Composer) Feb 15, 2024
Magento Open Source allows Uncontrolled Resource Consumption Moderate
CVE-2023-38251 was published for magento/community-edition (Composer) Oct 13, 2023
Magento Open Source allows SQL Injection Moderate
CVE-2023-38250 was published for magento/community-edition (Composer) Oct 13, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database