Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,746
Erlang
35
GitHub Actions
29
Go
2,319
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
920
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

125 advisories

Loading
PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file High
CVE-2024-56408 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
zly123987
YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting High
CVE-2025-46349 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
Browsershot does not validate URL protocols passed to Browsershot URL method High
CVE-2022-41706 was published for spatie/browsershot (Composer) Nov 25, 2022
tdunlap607
phpMyAdmin allows remote attackers to spoof content via the url parameter High
CVE-2015-7873 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
PhpSpreadsheet allows unauthorized Reflected XSS in the constructor of the Downloader class High
CVE-2024-56365 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in the Accounting.php file High
CVE-2024-56366 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in Currency.php file High
CVE-2024-56409 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
Magento Open Source allows Cross-Site Scripting (XSS) High
CVE-2024-20719 was published for magento/community-edition (Composer) Feb 15, 2024
Magento Open Source allows Stored Cross-Site Scripting (Stored XSS) High
CVE-2022-35698 was published for magento/community-edition (Composer) Oct 15, 2022
Magento stored Cross-Site Scripting (XSS) vulnerability High
CVE-2025-24438 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24417 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24412 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24413 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24415 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24416 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24410 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24414 was published for magento/community-edition (Composer) Feb 11, 2025
Moodle allows reflected XSS via question bank filter High
CVE-2025-26530 was published for moodle/moodle (Composer) Feb 24, 2025
Moodle has a stored XSS risk in admin live log High
CVE-2025-26529 was published for moodle/moodle (Composer) Feb 24, 2025
Leantime allows Stored Cross-Site Scripting (XSS) High
GHSA-c39w-3pjx-qc7m was published for leantime/leantime (Composer) Feb 21, 2025
mnqazi
Leantime allows Cross Site Scripting (XSS) and SQL Injection (SQLi) High
GHSA-v4q9-437p-mhpg was published for leantime/leantime (Composer) Feb 21, 2025
0xROI
Magento stored cross-site scripting (XSS) in the customer address upload feature High
CVE-2021-21030 was published for magento/community-edition (Composer) May 24, 2022
Pimcore Authenticated Stored Cross-Site Scripting (XSS) Via Search Document High
GHSA-xr3m-6gq6-22cg was published for pimcore/pimcore (Composer) Jan 28, 2025
maeitsec
Authenticated Stored XSS in YesWiki High
CVE-2025-24018 was published for yeswiki/yeswiki (Composer) Jan 21, 2025
bWlrYQ Nishacid
Unauthenticated DOM Based XSS in YesWiki High
CVE-2025-24017 was published for yeswiki/yeswiki (Composer) Jan 21, 2025
bWlrYQ Nishacid
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database