Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,411
Erlang
33
GitHub Actions
22
Go
2,146
Maven
5,000+
npm
3,808
NuGet
687
pip
3,482
Pub
12
RubyGems
897
Rust
899
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,283 advisories

Loading
Leantime allows Stored Cross-Site Scripting (XSS) Moderate
GHSA-63cr-xg3f-8jvr was published for leantime/leantime (Composer) Feb 21, 2025
mufazmi
Leantime allows Refelected Cross-Site Scripting (XSS) Moderate
GHSA-52xf-h226-pfgx was published for leantime/leantime (Composer) Feb 21, 2025
Evildevil499
Leantime allows Stored Cross-Site Scripting (XSS) Moderate
GHSA-mg4c-884j-pcq9 was published for leantime/leantime (Composer) Feb 21, 2025
kirankumar2117
Magento stored Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-24428 was published for magento/community-edition (Composer) Feb 11, 2025
Stored XSS in REDAXO Moderate
CVE-2024-13209 was published for redaxo/source (Composer) Feb 10, 2025
geo-chen
PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters Moderate
CVE-2025-23210 was published for phpoffice/phpspreadsheet (Composer) Feb 3, 2025
phpMyAdmin XSS when checking tables Moderate
CVE-2025-24530 was published for phpmyadmin/phpmyadmin (Composer) Jan 23, 2025
ps_contactinfo has a potential XSS due to usage of the nofilter tag in template Moderate
CVE-2025-24027 was published for prestashop/ps_contactinfo (Composer) Jan 22, 2025
Cross-Site Scripting (XSS) vulnerability in generateNavigation() function in PhpSpreadsheet Moderate
CVE-2025-22131 was published for phpoffice/phpspreadsheet (Composer) Jan 21, 2025
TRIKKSS
Librenms has a reflected XSS on error alert Moderate
CVE-2025-23201 was published for librenms/librenms (Composer) Jan 16, 2025
tCu0n9
LibreNMS Misc Section Stored Cross-site Scripting vulnerability Moderate
CVE-2025-23200 was published for librenms/librenms (Composer) Jan 16, 2025
tCu0n9
LibreNMS Ports Stored Cross-site Scripting vulnerability Moderate
CVE-2025-23199 was published for librenms/librenms (Composer) Jan 16, 2025
tCu0n9
LibreNMS Display Name Stored Cross-site Scripting vulnerability Moderate
CVE-2025-23198 was published for librenms/librenms (Composer) Jan 16, 2025
tCu0n9
LibreNMS Display Name 2 Stored Cross-site Scripting vulnerability Moderate
CVE-2024-56144 was published for librenms/librenms (Composer) Jan 16, 2025
tCu0n9
Silverstripe Framework has a XSS in form messages Moderate
CVE-2024-53277 was published for silverstripe/framework (Composer) Jan 14, 2025
Silverstripe Framework has a XSS via insert media remote file oembed Moderate
CVE-2024-47605 was published for silverstripe/framework (Composer) Jan 14, 2025
Mediawiki - DataTransfer Extension Cross-Site Request Forgery (CSRF) and Cross-site Scripting (XSS) Moderate
CVE-2025-23081 was published for mediawiki/data-transfer (Composer) Jan 14, 2025
Microweber Cross-site Scripting vulnerability Moderate
CVE-2024-33298 was published for microweber/microweber (Composer) Jan 10, 2025
Microweber Cross-site Scripting vulnerability Moderate
CVE-2024-33299 was published for microweber/microweber (Composer) Jan 10, 2025
Microweber Cross-site Scripting vulnerability Moderate
CVE-2024-33297 was published for microweber/microweber (Composer) Jan 10, 2025
Duplicate Advisory: Stored XSS in REDAXO Moderate
GHSA-mfx6-jvw8-53fm was published for redaxo/redaxo (Composer) Jan 9, 2025 withdrawn
PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters Moderate
CVE-2024-56412 was published for phpoffice/phpspreadsheet (Composer) Jan 3, 2025
PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header Moderate
CVE-2024-56411 was published for phpoffice/phpspreadsheet (Composer) Jan 3, 2025
PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability in custom properties Moderate
CVE-2024-56410 was published for phpoffice/phpspreadsheet (Composer) Jan 3, 2025
phpMyFAQ Vulnerable to Stored HTML Injection at FAQ Moderate
CVE-2024-56199 was published for phpmyfaq/phpmyfaq (Composer) Jan 2, 2025
geo-chen
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database