Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,614
Maven
5,000+
npm
4,254
NuGet
760
pip
4,031
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,414 advisories

Loading
Concrete CMS affected by a stored XSS in Folder Function.The "Add Folder" functionality Moderate
CVE-2025-0660 was published for concrete5/concrete5 (Composer) Mar 10, 2025
Laravel framework susceptible to reflected cross-site scripting Moderate
CVE-2024-13918 was published for laravel/framework (Composer) Mar 10, 2025
DmitriyLewen xaldama
kalidor
Credited to DmitriyLewen, xaldama, and kalidor
Laravel framework susceptible to reflected cross-site scripting Moderate
CVE-2024-13919 was published for laravel/framework (Composer) Mar 10, 2025
GeSHi XSS possible in the get_var function of /contrib/cssgen.php Moderate
CVE-2025-2123 was published for geshi/geshi (Composer) Mar 9, 2025
REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation Moderate
CVE-2025-27412 was published for redaxo/source (Composer) Mar 5, 2025
0xadik
Credited to 0xadik
Leantime affected by Improper Neutralization of HTML Tags Moderate
CVE-2025-28254 was published for leantime/leantime (Composer) Feb 21, 2025
cyber-brent hugo-guzman
Credited to cyber-brent and hugo-guzman
Leantime allows Stored Cross-Site Scripting (XSS) Moderate
GHSA-63cr-xg3f-8jvr was published for leantime/leantime (Composer) Feb 21, 2025
mufazmi
Credited to mufazmi
Leantime allows Refelected Cross-Site Scripting (XSS) Moderate
GHSA-52xf-h226-pfgx was published for leantime/leantime (Composer) Feb 21, 2025
Evildevil499
Credited to Evildevil499
Leantime allows Stored Cross-Site Scripting (XSS) Moderate
GHSA-mg4c-884j-pcq9 was published for leantime/leantime (Composer) Feb 21, 2025
kirankumar2117
Credited to kirankumar2117
Remote code execution in alextselegidis/easyappointments Moderate
CVE-2024-57601 was published for alextselegidis/easyappointments (Composer) Feb 13, 2025
Magento stored Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-24428 was published for magento/community-edition (Composer) Feb 11, 2025
Stored XSS in REDAXO Moderate
CVE-2024-13209 was published for redaxo/source (Composer) Feb 10, 2025
geo-chen
Credited to geo-chen
PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters Moderate
CVE-2025-23210 was published for phpoffice/phpexcel (Composer) Feb 3, 2025
phpMyAdmin XSS when checking tables Moderate
CVE-2025-24530 was published for phpmyadmin/phpmyadmin (Composer) Jan 23, 2025
ps_contactinfo has a potential XSS due to usage of the nofilter tag in template Moderate
CVE-2025-24027 was published for prestashop/ps_contactinfo (Composer) Jan 22, 2025
Cross-Site Scripting (XSS) vulnerability in generateNavigation() function in PhpSpreadsheet Moderate
CVE-2025-22131 was published for phpoffice/phpexcel (Composer) Jan 21, 2025
TRIKKSS
Credited to TRIKKSS
Librenms has a reflected XSS on error alert Moderate
CVE-2025-23201 was published for librenms/librenms (Composer) Jan 16, 2025
tCu0n9
Credited to tCu0n9
LibreNMS Misc Section Stored Cross-site Scripting vulnerability Moderate
CVE-2025-23200 was published for librenms/librenms (Composer) Jan 16, 2025
tCu0n9
Credited to tCu0n9
LibreNMS Ports Stored Cross-site Scripting vulnerability Moderate
CVE-2025-23199 was published for librenms/librenms (Composer) Jan 16, 2025
tCu0n9
Credited to tCu0n9
LibreNMS Display Name Stored Cross-site Scripting vulnerability Moderate
CVE-2025-23198 was published for librenms/librenms (Composer) Jan 16, 2025
tCu0n9
Credited to tCu0n9
LibreNMS Display Name 2 Stored Cross-site Scripting vulnerability Moderate
CVE-2024-56144 was published for librenms/librenms (Composer) Jan 16, 2025
tCu0n9
Credited to tCu0n9
Silverstripe Framework has a XSS in form messages Moderate
CVE-2024-53277 was published for silverstripe/framework (Composer) Jan 14, 2025
Silverstripe Framework has a XSS via insert media remote file oembed Moderate
CVE-2024-47605 was published for silverstripe/framework (Composer) Jan 14, 2025
Mediawiki - DataTransfer Extension Cross-Site Request Forgery (CSRF) and Cross-site Scripting (XSS) Moderate
CVE-2025-23081 was published for mediawiki/data-transfer (Composer) Jan 14, 2025
Microweber Cross-site Scripting vulnerability Moderate
CVE-2024-33299 was published for microweber/microweber (Composer) Jan 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database