Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

4,294 advisories

Loading
PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters Moderate
CVE-2024-56412 was published for phpoffice/phpspreadsheet (Composer) Jan 3, 2025
PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header Moderate
CVE-2024-56411 was published for phpoffice/phpspreadsheet (Composer) Jan 3, 2025
PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability in custom properties Moderate
CVE-2024-56410 was published for phpoffice/phpspreadsheet (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in Currency.php file High
CVE-2024-56409 was published for phpoffice/phpspreadsheet (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in the Accounting.php file High
CVE-2024-56366 was published for phpoffice/phpspreadsheet (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in the constructor of the Downloader class High
CVE-2024-56365 was published for phpoffice/phpspreadsheet (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file High
CVE-2024-56408 was published for phpoffice/phpspreadsheet (Composer) Jan 3, 2025
phpMyFAQ Vulnerable to Stored HTML Injection at FAQ Moderate
CVE-2024-56199 was published for phpmyfaq/phpmyfaq (Composer) Jan 2, 2025
geo-chen
LGSL has a reflected XSS at /lgsl_files/lgsl_list.php Moderate
CVE-2024-56517 was published for tltneon/lgsl (Composer) Dec 30, 2024
tCu0n9
TeamPass privileges issue Critical
CVE-2024-50703 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
TeamPass mail_me operation authorization issue Moderate
CVE-2024-50702 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
TeamPass does not properly check whether a folder is in a user's allowed folders list Moderate
CVE-2024-50701 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
Dcat-Admin Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-54775 was published for dcat/laravel-admin (Composer) Dec 28, 2024
Dcat Admin Cross-site Scripting (XSS) vulnerability Moderate
CVE-2024-54774 was published for dcat/laravel-admin (Composer) Dec 28, 2024
TCPDF missing character escape on error messages Moderate
CVE-2024-56527 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
TCPDF has incorrect comparison High
CVE-2024-56522 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
TCPDF missing certificate validation High
CVE-2024-56521 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
TCPDF lacks SVG sanitization Moderate
CVE-2024-56519 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
tecnickcom/tc-lib-pdf-font mishandles fonts Moderate
CVE-2024-56520 was published for tecnickcom/tc-lib-pdf-font (Composer) Dec 27, 2024
lgsl Stored Cross-Site Scripting vulnerability High
CVE-2024-56361 was published for tltneon/lgsl (Composer) Dec 26, 2024
onsali
Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx Moderate
CVE-2024-56364 was published for shuchkin/simplexlsx (Composer) Dec 23, 2024
shuchkin
Socialstream has a Potential Account Takeover Vulnerability in Social Account Linking Due to Missing User Consent After OAuth Callback High
CVE-2024-56329 was published for joelbutcher/socialstream (Composer) Dec 20, 2024
carlosmintfan
Browsershot Improper Input Validation vulnerability High
CVE-2024-21549 was published for spatie/browsershot (Composer) Dec 20, 2024
Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability Moderate
GHSA-j2v2-3784-vr44 was published for opencart/opencart (Composer) Dec 18, 2024 withdrawn
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled Critical
CVE-2024-56145 was published for craftcms/cms (Composer) Dec 18, 2024
akues-an
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database