GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 4,963
  Erlang: 39
  GitHub Actions: 38
  Go: 2,614
  Maven: 5,000+
  npm: 4,254
  NuGet: 760
  pip: 4,031
  Pub: 12
  RubyGems: 953
  Rust: 1,049
  Swift: 45
Unreviewed advisories
  All unreviewed: 5,000+

1,414 advisories

Microweber Cross-site Scripting vulnerability
Moderate • CVE-2024-33297 was published for microweber/microweber (Composer) Jan 10, 2025

Microweber Cross-site Scripting vulnerability
Moderate • CVE-2024-33298 was published for microweber/microweber (Composer) Jan 10, 2025

Duplicate Advisory: Stored XSS in REDAXO
Moderate • GHSA-mfx6-jvw8-53fm was published for redaxo/redaxo (Composer) Jan 9, 2025 • withdrawn

PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters
Moderate • CVE-2024-56412 was published for phpoffice/phpexcel (Composer) Jan 3, 2025

PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header
Moderate • CVE-2024-56411 was published for phpoffice/phpexcel (Composer) Jan 3, 2025

PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability in custom properties
Moderate • CVE-2024-56410 was published for phpoffice/phpexcel (Composer) Jan 3, 2025

phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
Moderate • CVE-2024-56199 was published for phpmyfaq/phpmyfaq (Composer) Jan 2, 2025

The wp-enable-svg WordPress plugin does not sanitize SVG files when uploaded
Moderate • CVE-2024-11184 was published for mwdelaney/wp-enable-svg (Composer) Jan 2, 2025

LGSL has a reflected XSS at /lgsl_files/lgsl_list.php
Moderate • CVE-2024-56517 was published for tltneon/lgsl (Composer) Dec 30, 2024

Dcat-Admin Cross-Site Scripting (XSS) vulnerability
Moderate • CVE-2024-54775 was published for dcat/laravel-admin (Composer) Dec 28, 2024

Dcat Admin Cross-site Scripting (XSS) vulnerability
Moderate • CVE-2024-54774 was published for dcat/laravel-admin (Composer) Dec 28, 2024

TCPDF missing character escape on error messages
Moderate • CVE-2024-56527 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024

TCPDF lacks SVG sanitization
Moderate • CVE-2024-56519 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024

Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx
Moderate • CVE-2024-56364 was published for shuchkin/simplexlsx (Composer) Dec 23, 2024

Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpeXLSX::toHTMLEx
Moderate • CVE-2024-55878 was published for shuchkin/simplexlsx (Composer) Dec 12, 2024

Drupal Core Cross-Site Scripting (XSS)
Moderate • CVE-2024-12393 was published for drupal/core (Composer) Dec 10, 2024

LibreNMS stored cross-site scripting (XSS) vulnerability in the Device Settings section
Moderate • CVE-2024-53457 was published for librenms/librenms (Composer) Dec 6, 2024

Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern
Moderate • CVE-2024-53864 was published for ibexa/admin-ui (Composer) Dec 2, 2024

Redaxo Core CMS Cross Site Scripting (XSS)
Moderate • CVE-2024-50803 was published for redaxo/source (Composer) Nov 19, 2024

LibreNMS has a stored XSS in ExamplePlugin with Device's Notes
Moderate • CVE-2024-49758 was published for librenms/librenms (Composer) Nov 15, 2024

Cross site scripting in sylius/sylius
Moderate • CVE-2021-3841 was published for sylius/sylius (Composer) Nov 15, 2024

UnoPim Stored XSS : Cookie hijacking through Create User function
Moderate • CVE-2024-52305 was published for unopim/unopim (Composer) Nov 13, 2024

Moodle reflected XSS via H5P error message
Moderate • CVE-2024-43439 was published for moodle/moodle (Composer) Nov 11, 2024

Froala WYSIWYG editor allows cross-site scripting (XSS)
Moderate • CVE-2024-51434 was published for froala-editor (Composer) Nov 8, 2024

UnoPim Cross-site Scripting vulnerability
Moderate • CVE-2024-50637 was published for unopim/unopim (Composer) Nov 6, 2024
        
ProTip! Advisories are also available from the GraphQL API