Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,331
Erlang
31
GitHub Actions
21
Go
2,093
Maven
5,000+
npm
3,756
NuGet
678
pip
3,443
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

4,331 advisories

Loading
ps_contactinfo has a potential XSS due to usage of the nofilter tag in template Moderate
CVE-2025-24027 was published for prestashop/ps_contactinfo (Composer) Jan 22, 2025
Webtrees Path Traversal vulnerability Moderate
CVE-2024-22723 was published for fisharebest/webtrees (Composer) Feb 28, 2024
Missing validation of header name and value in codeigniter4/framework Moderate
CVE-2025-24013 was published for codeigniter4/framework (Composer) Jan 21, 2025
neznaika0
Cross-Site Scripting (XSS) vulnerability in generateNavigation() function in PhpSpreadsheet Moderate
CVE-2025-22131 was published for phpoffice/phpspreadsheet (Composer) Jan 21, 2025
TRIKKSS
Authenticated arbitrary file deletion in YesWiki High
CVE-2025-24019 was published for yeswiki/yeswiki (Composer) Jan 21, 2025
bWlrYQ Nishacid
Authenticated Stored XSS in YesWiki High
CVE-2025-24018 was published for yeswiki/yeswiki (Composer) Jan 21, 2025
bWlrYQ Nishacid
Unauthenticated DOM Based XSS in YesWiki High
CVE-2025-24017 was published for yeswiki/yeswiki (Composer) Jan 21, 2025
bWlrYQ Nishacid
Craft CMS has a potential RCE with a compromised security key High
CVE-2025-23209 was published for craftcms/cms (Composer) Jan 21, 2025
Cross site scripting in Concrete CMS Moderate
CVE-2024-8291 was published for concrete5/concrete5 (Composer) Sep 25, 2024
Concrete CMS Stored Cross-site Scripting vulnerability Moderate
CVE-2024-4350 was published for concrete5/concrete5 (Composer) Aug 12, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting Moderate
CVE-2024-4353 was published for concrete5/concrete5 (Composer) Aug 1, 2024
Cross site scripting in Concrete CMS Moderate
CVE-2024-7398 was published for concrete5/concrete5 (Composer) Sep 25, 2024
Concrete CMS Stored XSS in getAttributeSetName Moderate
CVE-2024-7394 was published for concrete5/concrete5 (Composer) Aug 8, 2024
Flarum's logout Route allows open redirects Moderate
CVE-2024-21641 was published for flarum/core (Composer) Jan 5, 2024
imorland DavideIadeluca
anonymous-nlp-student
Librenms has a reflected XSS on error alert Moderate
CVE-2025-23201 was published for librenms/librenms (Composer) Jan 16, 2025
tCu0n9
LibreNMS Misc Section Stored Cross-site Scripting vulnerability Moderate
CVE-2025-23200 was published for librenms/librenms (Composer) Jan 16, 2025
tCu0n9
LibreNMS Display Name Stored Cross-site Scripting vulnerability Moderate
CVE-2025-23198 was published for librenms/librenms (Composer) Jan 16, 2025
tCu0n9
LibreNMS Ports Stored Cross-site Scripting vulnerability Moderate
CVE-2025-23199 was published for librenms/librenms (Composer) Jan 16, 2025
tCu0n9
LibreNMS Display Name 2 Stored Cross-site Scripting vulnerability Moderate
CVE-2024-56144 was published for librenms/librenms (Composer) Jan 16, 2025
tCu0n9
Crayfish allows Remote Code Execution via Homarus Authorization header Critical
GHSA-mm6v-68qp-f9fw was published for islandora/crayfish (Composer) Jan 15, 2025
seth-shaw-asu adam-vessey
TYPO3 Potential Open Redirect via Parsing Differences Moderate
CVE-2024-55892 was published for typo3/cms-core (Composer) Jan 14, 2025
Silverstripe Framework has a XSS in form messages Moderate
CVE-2024-53277 was published for silverstripe/framework (Composer) Jan 14, 2025
Silverstripe Framework has a XSS via insert media remote file oembed Moderate
CVE-2024-47605 was published for silverstripe/framework (Composer) Jan 14, 2025
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message Low
GHSA-mqf3-qpc3-g26q was published for silverstripe/framework (Composer) Jan 14, 2025
TYPO3 DB Check Module vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-55945 was published for typo3/cms-lowlevel (Composer) Jan 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database