Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,274 advisories

Loading
Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx Moderate
CVE-2024-56364 was published for shuchkin/simplexlsx (Composer) Dec 23, 2024
shuchkin
Laravel environment manipulation via query string High
CVE-2024-52301 was published for laravel/framework (Composer) Nov 12, 2024
Browsershot Improper Input Validation vulnerability High
CVE-2024-21549 was published for spatie/browsershot (Composer) Dec 20, 2024
Remote code execution in php-heic-to-jpg High
CVE-2024-48514 was published for maestroerror/php-heic-to-jpg (Composer) Oct 24, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload Low
CVE-2024-47528 was published for librenms/librenms (Composer) Oct 1, 2024
minhnq1618
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled Critical
CVE-2024-56145 was published for craftcms/cms (Composer) Dec 18, 2024
akues-an
Withdrawn Advisory: Nette Database SQL injection Moderate
CVE-2024-55586 was published for nette/database (Composer) Dec 10, 2024 withdrawn
calvera CSIRTTrizna
openCart Server-Side Template Injection (SSTI) vulnerability Moderate
CVE-2024-36694 was published for opencart/opencart (Composer) Jul 17, 2024
Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability Moderate
GHSA-j2v2-3784-vr44 was published for opencart/opencart (Composer) Dec 18, 2024 withdrawn
baserCMS Cross-site Scripting vulnerability in Site search Feature Moderate
CVE-2023-44379 was published for baserproject/basercms (Composer) Feb 22, 2024
Spatie Browsershot Directory Traversal vulnerability High
CVE-2024-21547 was published for spatie/browsershot (Composer) Dec 18, 2024
UniSharp Laravel Filemanager Code Injection vulnerability High
CVE-2024-21546 was published for unisharp/laravel-filemanager (Composer) Dec 18, 2024
Laravel Pulse Allows Remote Code Execution via Unprotected Query Method High
CVE-2024-55661 was published for laravel/pulse (Composer) Dec 13, 2024
angelej
Firefly III allows webhooks HTML Injection. Moderate
CVE-2024-22075 was published for grumpydictator/firefly-iii (Composer) Jan 5, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting Low
CVE-2024-4353 was published for concrete5/concrete5 (Composer) Aug 1, 2024
Concrete CMS Stored XSS in Layout Preset Name Moderate
CVE-2023-48650 was published for concrete5/concrete5 (Composer) Feb 29, 2024
Concrete CMS Stored XSS Low
CVE-2023-49337 was published for concrete5/concrete5 (Composer) Feb 29, 2024
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability Moderate
CVE-2023-48651 was published for concrete5/concrete5 (Composer) Feb 29, 2024
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability Moderate
CVE-2023-48653 was published for concrete5/concrete5 (Composer) Feb 29, 2024
Drupal core contains a potential PHP Object Injection vulnerability High
CVE-2024-55638 was published for drupal/core (Composer) Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability Low
CVE-2024-55636 was published for drupal/core (Composer) Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability High
CVE-2024-55637 was published for drupal/core (Composer) Dec 10, 2024
Orchid Platform has Method Exposure Vulnerability in Modals Moderate
CVE-2024-51992 was published for orchid/platform (Composer) Nov 12, 2024
catferq
SimpleSAMLphp SAML2 has an XXE in parsing SAML messages Moderate
CVE-2024-52806 was published for simplesamlphp/saml2 (Composer) Dec 2, 2024
ahacker1-securesaml
ProTip! Advisories are also available from the GraphQL API