Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,080
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,869 advisories

Loading
Moodle's non-searchable tags can still be discovered on the tag search page and in the tags block Moderate
CVE-2025-26527 was published for moodle/moodle (Composer) Feb 24, 2025
Leantime affected by Improper Neutralization of HTML Tags Moderate
CVE-2025-28254 was published for leantime/leantime (Composer) Feb 21, 2025
cyber-brent hugo-guzman
Credited to cyber-brent and hugo-guzman
Leantime allows Cross-Site Request Forgery (CSRF) Moderate
GHSA-92xh-6x7v-4rmq was published for leantime/leantime (Composer) Feb 21, 2025
dead1nfluence
Credited to dead1nfluence
Leantime allows Stored Cross-Site Scripting (XSS) Moderate
GHSA-63cr-xg3f-8jvr was published for leantime/leantime (Composer) Feb 21, 2025
mufazmi
Credited to mufazmi
Leantime allows Refelected Cross-Site Scripting (XSS) Moderate
GHSA-52xf-h226-pfgx was published for leantime/leantime (Composer) Feb 21, 2025
Evildevil499
Credited to Evildevil499
Leantime has Insufficiently Protected Credentials Moderate
GHSA-h6w8-27ph-c385 was published for leantime/leantime (Composer) Feb 21, 2025
ANIKETishereok s0calledhacker
Credited to ANIKETishereok and s0calledhacker
Leantime allows Stored Cross-Site Scripting (XSS) Moderate
GHSA-mg4c-884j-pcq9 was published for leantime/leantime (Composer) Feb 21, 2025
kirankumar2117
Credited to kirankumar2117
Leantime has Host Header Injection Vulnerability Moderate
GHSA-99r5-84gr-59f6 was published for leantime/leantime (Composer) Feb 21, 2025
anim-29
Credited to anim-29
Remote code execution in alextselegidis/easyappointments Moderate
CVE-2024-57601 was published for alextselegidis/easyappointments (Composer) Feb 13, 2025
Magento stored Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-24428 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Business Logic Error vulnerability Moderate
CVE-2025-24425 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24435 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24427 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24436 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24437 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Incorrect Authorization vulnerability Moderate
CVE-2025-24421 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Information Exposure vulnerability Moderate
CVE-2025-24408 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24424 was published for magento/community-edition (Composer) Feb 11, 2025
Stored XSS in REDAXO Moderate
CVE-2024-13209 was published for redaxo/source (Composer) Feb 10, 2025
geo-chen
Credited to geo-chen
Connect-CMS Access control vulnerability Moderate
GHSA-5rjc-jc28-cwgg was published for opensource-workshop/connect-cms (Composer) Feb 7, 2025
Pimcore Admin Classic Bundle allows user enumeration Moderate
CVE-2025-24980 was published for pimcore/admin-ui-classic-bundle (Composer) Feb 7, 2025
Ayman-Rayan
Credited to Ayman-Rayan
Withdrawn Advisory: Sylius allows unrestricted brute-force attacks on user accounts Moderate
CVE-2024-57610 was published for sylius/sylius (Composer) Feb 6, 2025 withdrawn
GSadee
Credited to GSadee
Browsershot Local File Inclusion Moderate
CVE-2025-1026 was published for spatie/browsershot (Composer) Feb 5, 2025
PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters Moderate
CVE-2025-23210 was published for phpoffice/phpexcel (Composer) Feb 3, 2025
DevDojo Voyager Arbitrary File Write Moderate
CVE-2024-55417 was published for tcg/voyager (Composer) Jan 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database