GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
4,266 advisories
Filter by severity
Laravel Pulse Allows Remote Code Execution via Unprotected Query Method
High
CVE-2024-55661
was published
for
laravel/pulse
(Composer)
Dec 13, 2024
Firefly III allows webhooks HTML Injection.
Moderate
CVE-2024-22075
was published
for
grumpydictator/firefly-iii
(Composer)
Jan 5, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting
Low
CVE-2024-4353
was published
for
concrete5/concrete5
(Composer)
Aug 1, 2024
Concrete CMS Stored XSS in Layout Preset Name
Moderate
CVE-2023-48650
was published
for
concrete5/concrete5
(Composer)
Feb 29, 2024
Concrete CMS Stored XSS
Low
CVE-2023-49337
was published
for
concrete5/concrete5
(Composer)
Feb 29, 2024
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2023-48651
was published
for
concrete5/concrete5
(Composer)
Feb 29, 2024
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2023-48653
was published
for
concrete5/concrete5
(Composer)
Feb 29, 2024
Drupal core contains a potential PHP Object Injection vulnerability
High
CVE-2024-55638
was published
for
drupal/core
(Composer)
Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability
Low
CVE-2024-55636
was published
for
drupal/core
(Composer)
Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability
High
CVE-2024-55637
was published
for
drupal/core
(Composer)
Dec 10, 2024
Orchid Platform has Method Exposure Vulnerability in Modals
Moderate
CVE-2024-51992
was published
for
orchid/platform
(Composer)
Nov 12, 2024
SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
Moderate
CVE-2024-52806
was published
for
simplesamlphp/saml2
(Composer)
Dec 2, 2024
Browsershot Local File Inclusion
High
CVE-2024-21544
was published
for
spatie/browsershot
(Composer)
Dec 13, 2024
thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames
Moderate
CVE-2024-55889
was published
for
thorsten/phpmyfaq
(Composer)
Dec 13, 2024
Symfony has an incorrect response from Validator when input ends with `\n`
Low
CVE-2024-50343
was published
for
symfony/symfony
(Composer)
Nov 6, 2024
Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpeXLSX::toHTMLEx
Moderate
CVE-2024-55878
was published
for
shuchkin/simplexlsx
(Composer)
Dec 12, 2024
SimpleSAMLphp xml-common XXE vulnerability
High
CVE-2024-52596
was published
for
simplesamlphp/xml-common
(Composer)
Dec 2, 2024
Magento Open Source Improper Access Control vulnerability
Low
CVE-2024-45149
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
Moderate
CVE-2024-45119
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php
High
CVE-2024-49759
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php
High
CVE-2024-51497
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.php
High
CVE-2024-49754
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php
High
CVE-2024-49764
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
High
CVE-2024-51494
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
High
CVE-2024-50350
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
ProTip!
Advisories are also available from the
GraphQL API