GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,870 advisories
Cross-Site Scripting (XSS) vulnerability in generateNavigation() function in PhpSpreadsheet
Moderate
CVE-2025-22131
was published
for
phpoffice/phpexcel
(Composer)
Jan 21, 2025
XmlScanner bypass leads to XXE
High
CVE-2024-47873
was published
for
phpoffice/phpexcel
(Composer)
Nov 18, 2024
XXE in PHPSpreadsheet's XLSX reader
High
CVE-2024-45293
was published
for
phpoffice/phpexcel
(Composer)
Oct 7, 2024
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks
Moderate
CVE-2024-45292
was published
for
phpoffice/phpexcel
(Composer)
Oct 7, 2024
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled
Moderate
CVE-2024-45291
was published
for
phpoffice/phpexcel
(Composer)
Oct 7, 2024
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file
High
CVE-2024-45290
was published
for
phpoffice/phpexcel
(Composer)
Oct 7, 2024
PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file
Moderate
CVE-2024-45060
was published
for
phpoffice/phpexcel
(Composer)
Oct 7, 2024
XXE in PHPSpreadsheet encoding is returned
High
CVE-2024-45048
was published
for
phpoffice/phpexcel
(Composer)
Aug 29, 2024
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information
Moderate
CVE-2024-45046
was published
for
phpoffice/phpexcel
(Composer)
Aug 29, 2024
XXE in PHPSpreadsheet due to encoding issue
High
CVE-2018-19277
was published
for
phpoffice/phpexcel
(Composer)
Nov 20, 2019
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
High
CVE-2019-12331
was published
for
phpoffice/phpexcel
(Composer)
Nov 20, 2019
Volt Allows RCE Via User-Crafted Requests
Critical
CVE-2025-27517
was published
for
livewire/volt
(Composer)
Mar 5, 2025
REDAXO allows Arbitrary File Upload in the mediapool page
Moderate
CVE-2025-27411
was published
for
redaxo/source
(Composer)
Mar 5, 2025
REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation
Moderate
CVE-2025-27412
was published
for
redaxo/source
(Composer)
Mar 5, 2025
IDOR vulnerability in account profile page
Moderate
CVE-2024-39319
was published
for
aimeos/ai-controller-frontend
(Composer)
Sep 26, 2024
ProTip!
Advisories are also available from the
GraphQL API