Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,379 advisories

Loading
LGSL has a reflected XSS at /lgsl_files/lgsl_list.php Moderate
CVE-2024-56517 was published for tltneon/lgsl (Composer) Dec 30, 2024
tCu0n9
Dcat-Admin Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-54775 was published for dcat/laravel-admin (Composer) Dec 28, 2024
Dcat Admin Cross-site Scripting (XSS) vulnerability Moderate
CVE-2024-54774 was published for dcat/laravel-admin (Composer) Dec 28, 2024
TCPDF missing character escape on error messages Moderate
CVE-2024-56527 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
TCPDF lacks SVG sanitization Moderate
CVE-2024-56519 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
lgsl Stored Cross-Site Scripting vulnerability High
CVE-2024-56361 was published for tltneon/lgsl (Composer) Dec 26, 2024
onsali
Marp Core allows XSS by improper neutralization of HTML sanitization Moderate
CVE-2024-56510 was published for @marp-team/marp-core (npm) Dec 26, 2024
Ry0taK
Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx Moderate
CVE-2024-56364 was published for shuchkin/simplexlsx (Composer) Dec 23, 2024
shuchkin
Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment Moderate
GHSA-64gp-r758-8pfm was published for org.jboss.hal:hal-console (Maven) Dec 23, 2024
Piranha CMS Cross-site Scripting vulnerability Moderate
CVE-2024-55341 was published for Piranha (NuGet) Dec 20, 2024
Piranha CMS Cross-site Scripting vulnerability Moderate
CVE-2024-55342 was published for Piranha (NuGet) Dec 20, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload Low
CVE-2024-47528 was published for librenms/librenms (Composer) Oct 1, 2024
minhnq1618
baserCMS Cross-site Scripting vulnerability in Site search Feature Moderate
CVE-2023-44379 was published for baserproject/basercms (Composer) Feb 22, 2024
Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page Moderate
CVE-2023-37940 was published for com.liferay.portal:release.dxp.bom (Maven) Dec 18, 2024
Liferay Portal and Liferay DXP vulnerable to Criss-site Scripting Moderate
CVE-2024-11993 was published for com.liferay.portal:release.dxp.bom (Maven) Dec 17, 2024
Firefly III allows webhooks HTML Injection. Moderate
CVE-2024-22075 was published for grumpydictator/firefly-iii (Composer) Jan 5, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting Low
CVE-2024-4353 was published for concrete5/concrete5 (Composer) Aug 1, 2024
Concrete CMS Stored XSS in Layout Preset Name Moderate
CVE-2023-48650 was published for concrete5/concrete5 (Composer) Feb 29, 2024
Concrete CMS Stored XSS Low
CVE-2023-49337 was published for concrete5/concrete5 (Composer) Feb 29, 2024
Vitess allows HTML injection in /debug/querylogz & /debug/env Moderate
CVE-2024-53257 was published for vitess.io/vitess (Go) Dec 3, 2024
quinox
D-Tale allows Remote Code Execution through the Custom Filter Input Moderate
CVE-2024-55890 was published for dtale (pip) Dec 13, 2024
TaiPhung217
Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpeXLSX::toHTMLEx Moderate
CVE-2024-55878 was published for shuchkin/simplexlsx (Composer) Dec 12, 2024
shuchkin
Possible Content Security Policy bypass in Action Dispatch Low
CVE-2024-54133 was published for actionpack (RubyGems) Dec 10, 2024
Apache Answer Cross-site Scripting vulnerability Moderate
CVE-2024-23349 was published for github.com/apache/incubator-answer (Go) Feb 22, 2024
Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php High
CVE-2024-49759 was published for librenms/librenms (Composer) Nov 15, 2024
RaphaelCSS RaphaelCSSilva
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database