GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
4,239 advisories
Filter by severity
Magento Open Source Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-45116
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source stored Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-45127
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Incorrect Authorization vulnerability
Moderate
CVE-2024-45125
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Access Control vulnerability
Moderate
CVE-2024-45121
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
Moderate
CVE-2024-45119
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Access Control vulnerability
Moderate
CVE-2024-45129
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Access Control vulnerability
Moderate
CVE-2024-45122
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Moderate
CVE-2024-45120
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Access Control vulnerability
Moderate
CVE-2024-45124
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-45123
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Access Control vulnerability
Moderate
CVE-2024-45130
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Input Validation vulnerability
Moderate
CVE-2024-45117
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Authorization vulnerability
Moderate
CVE-2024-45128
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Livewire Remote Code Execution on File Uploads
High
CVE-2024-47823
was published
for
livewire/livewire
(Composer)
Oct 8, 2024
Denial of Service in TYPO3 Bookmark Toolbar
Low
CVE-2024-34537
was published
for
typo3/cms-backend
(Composer)
Oct 8, 2024
Information Disclosure in TYPO3 Page Tree
Low
CVE-2024-47780
was published
for
typo3/cms-backend
(Composer)
Oct 8, 2024
LimeSurvey Cross Site Scripting vulnerability
Moderate
CVE-2024-28710
was published
for
limesurvey/limesurvey
(Composer)
Oct 7, 2024
LimeSurvey Cross Site Scripting vulnerability
Moderate
CVE-2024-28709
was published
for
limesurvey/limesurvey
(Composer)
Oct 7, 2024
Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name
Moderate
CVE-2024-45932
was published
for
krayin/laravel-crm
(Composer)
Oct 7, 2024
XXE in PHPSpreadsheet's XLSX reader
High
CVE-2024-45293
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks
Moderate
CVE-2024-45292
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled
Moderate
CVE-2024-45291
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file
High
CVE-2024-45290
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
Lara-zeus Dynamic Dashboard and Artemis do not validate paragraph widget values which can be used for XSS
Moderate
CVE-2024-47817
was published
for
lara-zeus/artemis
(Composer)
Oct 7, 2024
PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file
Moderate
CVE-2024-45060
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
ProTip!
Advisories are also available from the
GraphQL API