GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,854 advisories

PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability in custom properties Moderate
CVE-2024-56410 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header Moderate
CVE-2024-56411 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters Moderate
CVE-2024-56412 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
Cross-Site Scripting (XSS) vulnerability in generateNavigation() function in PhpSpreadsheet Moderate
CVE-2025-22131 was published for phpoffice/phpexcel (Composer) Jan 21, 2025
Credited to TRIKKSS
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks Moderate
CVE-2024-45292 was published for phpoffice/phpexcel (Composer) Oct 7, 2024
Credited to emilvirkki
PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file Moderate
CVE-2024-45060 was published for phpoffice/phpexcel (Composer) Oct 7, 2024
Credited to stealthcopter
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information Moderate
CVE-2024-45046 was published for phpoffice/phpexcel (Composer) Aug 29, 2024
Credited to emilvirkki, marcinwealthon, and neodc
Cross-site scripting in phpoffice/phpspreadsheet Moderate
CVE-2020-7776 was published for phpoffice/phpexcel (Composer) May 6, 2021
REDAXO allows Arbitrary File Upload in the mediapool page Moderate
CVE-2025-27411 was published for redaxo/source (Composer) Mar 5, 2025
Credited to 0xadik
User account enumeration in eZ Publish Ibexa Kernel Moderate
CVE-2021-46876 was published for ezsystems/ezpublish-kernel (Composer) Mar 12, 2023
REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation Moderate
CVE-2025-27412 was published for redaxo/source (Composer) Mar 5, 2025
Credited to 0xadik
IDOR vulnerability in account profile page Moderate
CVE-2024-39319 was published for aimeos/ai-controller-frontend (Composer) Sep 26, 2024
Credited to ssshah2131
Cross Site Scripting in eZ Platform Ibexa Kernel Moderate
CVE-2021-46875 was published for ezsystems/ezplatform-kernel (Composer) Mar 12, 2023
Magento Open Source allows Cross-Site Scripting (XSS) Moderate
CVE-2024-20759 was published for magento/community-edition (Composer) Apr 10, 2024
Magento Open Source allows Cross-Site Request Forgery (CSRF) Moderate
CVE-2024-20718 was published for magento/community-edition (Composer) Feb 15, 2024
Magento Open Source allows Uncontrolled Resource Consumption Moderate
CVE-2024-20716 was published for magento/community-edition (Composer) Feb 15, 2024
Magento Open Source allows Uncontrolled Resource Consumption Moderate
CVE-2023-38251 was published for magento/community-edition (Composer) Oct 13, 2023
Magento Open Source allows SQL Injection Moderate
CVE-2023-38250 was published for magento/community-edition (Composer) Oct 13, 2023
Magento Open Source allows SQL Injection Moderate
CVE-2023-38249 was published for magento/community-edition (Composer) Oct 13, 2023
Magento Open Source allows SQL Injection Moderate
CVE-2023-38221 was published for magento/community-edition (Composer) Oct 13, 2023
Magento Open Source allows Improper Authorization Moderate
CVE-2023-38220 was published for magento/community-edition (Composer) Oct 13, 2023
Magento Open Source allows Incorrect Authorization Moderate
CVE-2023-38218 was published for magento/community-edition (Composer) Oct 13, 2023
Magento Open Source has Improper Input Validation Vulnerability Moderate
CVE-2023-26367 was published for magento/community-edition (Composer) Oct 13, 2023
Magento Open Source allows Server-Side Request Forgery (SSRF) Moderate
CVE-2023-26366 was published for magento/community-edition (Composer) Oct 13, 2023