Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,825
Erlang
36
GitHub Actions
32
Go
2,417
Maven
5,000+
npm
4,054
NuGet
723
pip
3,845
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+

478 advisories

Loading
Moodle allows reflected XSS via question bank filter High
CVE-2025-26530 was published for moodle/moodle (Composer) Feb 24, 2025
Leantime allows Stored Cross-Site Scripting (XSS) High
GHSA-c39w-3pjx-qc7m was published for leantime/leantime (Composer) Feb 21, 2025
mnqazi
Leantime allows Cross Site Scripting (XSS) and SQL Injection (SQLi) High
GHSA-v4q9-437p-mhpg was published for leantime/leantime (Composer) Feb 21, 2025
0xROI
S3-Proxy allows Reflected Cross-site Scripting (XSS) in template implementation High
CVE-2025-27088 was published for github.com/oxyno-zeta/s3-proxy/cmd/s3-proxy (Go) Feb 20, 2025
ddvleeuwen oxyno-zeta
Magento stored Cross-Site Scripting (XSS) vulnerability High
CVE-2025-24438 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24412 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24414 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24413 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24416 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24415 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24410 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24417 was published for magento/community-edition (Composer) Feb 11, 2025
MobSF Stored Cross-Site Scripting (XSS) High
CVE-2025-24803 was published for mobsf (pip) Feb 5, 2025
CKAN has an XSS vector in user uploaded images in group/org and user profiles High
CVE-2025-24372 was published for ckan (pip) Feb 5, 2025
m4dn355
Pimcore Authenticated Stored Cross-Site Scripting (XSS) Via Search Document High
GHSA-xr3m-6gq6-22cg was published for pimcore/pimcore (Composer) Jan 28, 2025
maeitsec
Authenticated Stored XSS in YesWiki High
CVE-2025-24018 was published for yeswiki/yeswiki (Composer) Jan 21, 2025
bWlrYQ Nishacid
Unauthenticated DOM Based XSS in YesWiki High
CVE-2025-24017 was published for yeswiki/yeswiki (Composer) Jan 21, 2025
bWlrYQ Nishacid
Rancher UI has Stored Cross-site Scripting vulnerability High
CVE-2024-52281 was published for github.com/rancher/rancher (Go) Jan 14, 2025
PHP-Textile has persistent XSS vulnerability in image link handling High
GHSA-95m2-chm4-mq7m was published for netcarver/textile (Composer) Jan 7, 2025
Extension:TabberNeue vulnerable to Cross-site Scripting High
CVE-2025-21612 was published for starcitizentools/tabber-neue (Composer) Jan 6, 2025
BlankEclair
PhpSpreadsheet allows unauthorized Reflected XSS in Currency.php file High
CVE-2024-56409 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in the Accounting.php file High
CVE-2024-56366 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in the constructor of the Downloader class High
CVE-2024-56365 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file High
CVE-2024-56408 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
zly123987
lgsl Stored Cross-Site Scripting vulnerability High
CVE-2024-56361 was published for tltneon/lgsl (Composer) Dec 26, 2024
onsali
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database