Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,418 advisories

Loading
LimeSurvey Cross Site Scripting vulnerability Moderate
CVE-2024-28709 was published for limesurvey/limesurvey (Composer) Oct 7, 2024
Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name Moderate
CVE-2024-45932 was published for krayin/laravel-crm (Composer) Oct 7, 2024
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks Moderate
CVE-2024-45292 was published for phpoffice/phpspreadsheet (Composer) Oct 7, 2024
emilvirkki
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled Moderate
CVE-2024-45291 was published for phpoffice/phpspreadsheet (Composer) Oct 7, 2024
emilvirkki
Lara-zeus Dynamic Dashboard and Artemis do not validate paragraph widget values which can be used for XSS Moderate
CVE-2024-47817 was published for lara-zeus/artemis (Composer) Oct 7, 2024
sharmaraghs
PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file Moderate
CVE-2024-45060 was published for phpoffice/phpspreadsheet (Composer) Oct 7, 2024
stealthcopter
Mediawiki Cargo extension vulnerable to Cross-site Scripting Moderate
CVE-2024-47847 was published for mediawiki/cargo (Composer) Oct 5, 2024
Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS Moderate
CVE-2024-47765 was published for dev-lancer/minecraft-motd-parser (Composer) Oct 4, 2024
Krymonota jgniecki
Injection of arbitrary HTML/JavaScript code through the media download URL Moderate
CVE-2024-47617 was published for sulu/sulu (Composer) Oct 3, 2024
Cross-site Scripting via uploaded SVG Moderate
CVE-2024-47618 was published for sulu/sulu (Composer) Oct 3, 2024
alexander-schranz
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature Moderate
CVE-2024-47523 was published for librenms/librenms (Composer) Oct 1, 2024
RaphaelCSS RaphaelCSSilva
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature Moderate
CVE-2024-47525 was published for librenms/librenms (Composer) Oct 1, 2024
RaphaelCSS RaphaelCSSilva
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature Moderate
CVE-2024-47527 was published for librenms/librenms (Composer) Oct 1, 2024
RaphaelCSS RaphaelCSSilva
Pagekit Cross-site Scripting vulnerability Moderate
CVE-2024-45967 was published for pagekit/pagekit (Composer) Oct 1, 2024
starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field Moderate
CVE-2024-47536 was published for starcitizentools/citizen-skin (Composer) Sep 30, 2024
BlankEclair
MantisBT vulnerable to information disclosure with user profiles Moderate
CVE-2024-45792 was published for mantisbt/mantisbt (Composer) Sep 30, 2024
c-schmitz dregad
IDOR vulnerability in account profile page Moderate
CVE-2024-39319 was published for aimeos/ai-controller-frontend (Composer) Sep 26, 2024
ssshah2131
Mautic allows users enumeration due to weak password login Moderate
CVE-2024-47059 was published for mautic/core (Composer) Sep 18, 2024
tomekkowalczyk patrykgruszka
escopecz rafibz007
Mautic has insufficient authentication in upgrade flow Moderate
CVE-2024-47051 was published for mautic/core (Composer) Sep 18, 2024
mollux escopecz
patrykgruszka
Mautic has an XSS in contact tracking and page hits report Moderate
CVE-2021-27917 was published for mautic/core (Composer) Sep 18, 2024
patrykgruszka lenonleite
escopecz
Mautic vulnerable to XSS in contact/company tracking (no authentication) Moderate
CVE-2024-47050 was published for mautic/core (Composer) Sep 18, 2024
mqrtin patrykgruszka
lenonleite escopecz
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field) Moderate
CVE-2024-47058 was published for mautic/core (Composer) Sep 18, 2024
lenonleite escopecz
Concrete CMS stored XSS vulnerability in the "Top Navigator Bar" block Moderate
CVE-2024-8660 was published for concrete5/concrete5 (Composer) Sep 17, 2024
Wire UI has a JS XSS Vulnerability on route /wireui/button?label=Content Moderate
CVE-2024-45803 was published for wireui/wireui (Composer) Sep 17, 2024
sharathdn1 ph7jack
czim/file-handling vulnerable to SSRF and directory traversal Moderate
CVE-2024-47049 was published for czim/file-handling (Composer) Sep 17, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database