Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,171 advisories

Loading
Connect-CMS information that is restricted to viewing is visible High
GHSA-2237-5r9w-vm8j was published for opensource-workshop/connect-cms (Composer) Feb 7, 2025
Cockpit Arbitrary File Upload High
CVE-2025-1025 was published for cockpit-hq/cockpit (Composer) Feb 5, 2025
Browsershot Path Traversal High
CVE-2025-1022 was published for spatie/browsershot (Composer) Feb 5, 2025
DevDojo Voyager vulnerable to path traversal High
CVE-2024-55415 was published for tcg/voyager (Composer) Jan 30, 2025
Pimcore Authenticated Stored Cross-Site Scripting (XSS) Via Search Document High
GHSA-xr3m-6gq6-22cg was published for pimcore/pimcore (Composer) Jan 28, 2025
maeitsec
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter High
CVE-2023-30130 was published for craftcms/cms (Composer) May 12, 2023
Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability High
GHSA-j2v2-3784-vr44 was published for opencart/opencart (Composer) Dec 18, 2024 withdrawn
Uncontrolled Resource Consumption in moodle High
CVE-2024-25978 was published for moodle/moodle (Composer) Feb 19, 2024
Cross-Site Request Forgery in moodle High
CVE-2024-25982 was published for moodle/moodle (Composer) Feb 19, 2024
Authenticated arbitrary file deletion in YesWiki High
CVE-2025-24019 was published for yeswiki/yeswiki (Composer) Jan 21, 2025
bWlrYQ Nishacid
Authenticated Stored XSS in YesWiki High
CVE-2025-24018 was published for yeswiki/yeswiki (Composer) Jan 21, 2025
bWlrYQ Nishacid
Unauthenticated DOM Based XSS in YesWiki High
CVE-2025-24017 was published for yeswiki/yeswiki (Composer) Jan 21, 2025
bWlrYQ Nishacid
Craft CMS has a potential RCE with a compromised security key High
CVE-2025-23209 was published for craftcms/cms (Composer) Jan 21, 2025
TYPO3 Scheduler Module vulnerable to Cross-Site Request Forgery High
CVE-2024-55924 was published for typo3/cms-scheduler (Composer) Jan 14, 2025
TYPO3 Extension Manager Module vulnerable to Cross-Site Request Forgery High
CVE-2024-55921 was published for typo3/cms-extensionmanager (Composer) Jan 14, 2025
Dolibarr vulnerable to remote code execution via uppercase manipulation High
CVE-2023-30253 was published for dolibarr/dolibarr (Composer) May 29, 2023
Laravel Framework RCE Vulnerability High
CVE-2018-15133 was published for laravel/framework (Composer) May 14, 2022
mattberry3
Snipe-IT remote code execution High
CVE-2024-48987 was published for snipe/snipe-it (Composer) Oct 11, 2024
PHP-Textile has persistent XSS vulnerability in image link handling High
GHSA-95m2-chm4-mq7m was published for netcarver/textile (Composer) Jan 7, 2025
Extension:TabberNeue vulnerable to Cross-site Scripting High
CVE-2025-21612 was published for starcitizentools/tabber-neue (Composer) Jan 6, 2025
BlankEclair
PhpSpreadsheet allows unauthorized Reflected XSS in Currency.php file High
CVE-2024-56409 was published for phpoffice/phpspreadsheet (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file High
CVE-2024-56408 was published for phpoffice/phpspreadsheet (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in the Accounting.php file High
CVE-2024-56366 was published for phpoffice/phpspreadsheet (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in the constructor of the Downloader class High
CVE-2024-56365 was published for phpoffice/phpspreadsheet (Composer) Jan 3, 2025
Server Side Template Injection (SSTI) via Twig escape handler High
CVE-2024-28119 was published for getgrav/grav (Composer) Mar 22, 2024
as3617 juckchang
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database