Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,885 advisories

Loading
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message Low
GHSA-mqf3-qpc3-g26q was published for silverstripe/framework (Composer) Jan 14, 2025
Silverstripe Framework has a XSS in form messages Moderate
CVE-2024-53277 was published for silverstripe/framework (Composer) Jan 14, 2025
Silverstripe Framework has a XSS via insert media remote file oembed Moderate
CVE-2024-47605 was published for silverstripe/framework (Composer) Jan 14, 2025
Rancher UI has Stored Cross-site Scripting vulnerability High
CVE-2024-52281 was published for github.com/rancher/rancher (Go) Jan 14, 2025
Duplicate Advisory: Wildfly HAL Console Cross-Site Scripting Moderate
GHSA-5wjw-h8x5-v65m was published for org.jboss.hal:hal-console (Maven) Jan 14, 2025 withdrawn
Mediawiki - DataTransfer Extension Cross-Site Request Forgery (CSRF) and Cross-site Scripting (XSS) Moderate
CVE-2025-23081 was published for mediawiki/data-transfer (Composer) Jan 14, 2025
jte's HTML templates containing Javascript template strings are subject to XSS Moderate
CVE-2025-23026 was published for gg.jte:jte (Maven) Jan 13, 2025
Petersoj
Microweber Cross-site Scripting vulnerability Moderate
CVE-2024-33299 was published for microweber/microweber (Composer) Jan 10, 2025
Microweber Cross-site Scripting vulnerability Moderate
CVE-2024-33297 was published for microweber/microweber (Composer) Jan 10, 2025
Microweber Cross-site Scripting vulnerability Moderate
CVE-2024-33298 was published for microweber/microweber (Composer) Jan 10, 2025
Vaultwarden authenticated reflected cross-site scripting (XSS) vulnerability Low
CVE-2024-55226 was published for vaultwarden (Rust) Jan 9, 2025
Vaultwarden HTML injection vulnerability Low
CVE-2024-55224 was published for vaultwarden (Rust) Jan 9, 2025
Duplicate Advisory: Stored XSS in REDAXO Moderate
GHSA-mfx6-jvw8-53fm was published for redaxo/redaxo (Composer) Jan 9, 2025 withdrawn
PHP-Textile has persistent XSS vulnerability in image link handling High
GHSA-95m2-chm4-mq7m was published for netcarver/textile (Composer) Jan 7, 2025
REDAXO CMS Cross-site Scripting vulnerability Low
CVE-2024-46209 was published for redaxo/source (Composer) Jan 6, 2025
Grav Cross-site Scripting vulnerability Low
CVE-2024-35498 was published for getgrav/grav (Composer) Jan 6, 2025
Extension:TabberNeue vulnerable to Cross-site Scripting High
CVE-2025-21612 was published for starcitizentools/tabber-neue (Composer) Jan 6, 2025
BlankEclair
PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters Moderate
CVE-2024-56412 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header Moderate
CVE-2024-56411 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability in custom properties Moderate
CVE-2024-56410 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in Currency.php file High
CVE-2024-56409 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in the Accounting.php file High
CVE-2024-56366 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet allows unauthorized Reflected XSS in the constructor of the Downloader class High
CVE-2024-56365 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
Trix allows Cross-site Scripting via `javascript:` url in a link Moderate
CVE-2025-21610 was published for trix (npm) Jan 3, 2025
th4s1s intrip
PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file High
CVE-2024-56408 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
zly123987
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database