Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,489
Maven
5,000+
npm
4,106
NuGet
735
pip
3,928
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,772 advisories

Loading
Leantime allows Stored Cross-Site Scripting (XSS) Moderate
GHSA-63cr-xg3f-8jvr was published for leantime/leantime (Composer) Feb 21, 2025
mufazmi
Leantime allows Refelected Cross-Site Scripting (XSS) Moderate
GHSA-52xf-h226-pfgx was published for leantime/leantime (Composer) Feb 21, 2025
Evildevil499
Leantime has Insufficiently Protected Credentials Moderate
GHSA-h6w8-27ph-c385 was published for leantime/leantime (Composer) Feb 21, 2025
ANIKETishereok s0calledhacker
Leantime allows Stored Cross-Site Scripting (XSS) Moderate
GHSA-mg4c-884j-pcq9 was published for leantime/leantime (Composer) Feb 21, 2025
kirankumar2117
Leantime has Host Header Injection Vulnerability Moderate
GHSA-99r5-84gr-59f6 was published for leantime/leantime (Composer) Feb 21, 2025
anim-29
Remote code execution in alextselegidis/easyappointments Moderate
CVE-2024-57601 was published for alextselegidis/easyappointments (Composer) Feb 13, 2025
Magento Business Logic Error vulnerability Moderate
CVE-2025-24425 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24427 was published for magento/community-edition (Composer) Feb 11, 2025
Magento stored Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-24428 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24437 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24436 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24435 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Information Exposure vulnerability Moderate
CVE-2025-24408 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Incorrect Authorization vulnerability Moderate
CVE-2025-24421 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24424 was published for magento/community-edition (Composer) Feb 11, 2025
Stored XSS in REDAXO Moderate
CVE-2024-13209 was published for redaxo/source (Composer) Feb 10, 2025
geo-chen
Connect-CMS Access control vulnerability Moderate
GHSA-5rjc-jc28-cwgg was published for opensource-workshop/connect-cms (Composer) Feb 7, 2025
Pimcore Admin Classic Bundle allows user enumeration Moderate
CVE-2025-24980 was published for pimcore/admin-ui-classic-bundle (Composer) Feb 7, 2025
Ayman-Rayan
Withdrawn Advisory: Sylius allows unrestricted brute-force attacks on user accounts Moderate
CVE-2024-57610 was published for sylius/sylius (Composer) Feb 6, 2025 withdrawn
GSadee
Browsershot Local File Inclusion Moderate
CVE-2025-1026 was published for spatie/browsershot (Composer) Feb 5, 2025
PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters Moderate
CVE-2025-23210 was published for phpoffice/phpexcel (Composer) Feb 3, 2025
DevDojo Voyager Arbitrary File Write Moderate
CVE-2024-55417 was published for tcg/voyager (Composer) Jan 30, 2025
Twig security issue where escaping was missing when using null coalesce operator Moderate
CVE-2025-24374 was published for twig/twig (Composer) Jan 29, 2025
PhilETaylor fabpot
TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc) Moderate
CVE-2025-24856 was published for causal/oidc (Composer) Jan 28, 2025
pimcore/customer-data-framework vulnerable to SQL Injection Moderate
CVE-2024-11956 was published for pimcore/customer-management-framework-bundle (Composer) Jan 28, 2025
maeitsec
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database