GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,153 advisories
Filter by severity
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/overview/services.inc.php
High
CVE-2024-50352
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php
High
CVE-2024-50351
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
High
CVE-2024-50350
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php
High
CVE-2024-49764
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php
High
CVE-2024-49759
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.php
High
CVE-2024-49754
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
FileManager Deserialization of Untrusted Data vulnerability
High
CVE-2024-52306
was published
for
backpack/filemanager
(Composer)
Nov 13, 2024
Symfony has an Authentication Bypass via RememberMe
High
CVE-2024-51996
was published
for
symfony/security-http
(Composer)
Nov 13, 2024
Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI
High
CVE-2024-52293
was published
for
craftcms/cms
(Composer)
Nov 13, 2024
Craft CMS Arbitrary System File Read
High
CVE-2024-52292
was published
for
craftcms/cms
(Composer)
Nov 13, 2024
Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution
High
CVE-2024-52291
was published
for
craftcms/cms
(Composer)
Nov 13, 2024
Laravel environment manipulation via query string
High
CVE-2024-52301
was published
for
laravel/framework
(Composer)
Nov 12, 2024
Cross Site Scripting vulnerability in Snipe-IT
High
CVE-2024-51093
was published
for
snipe/snipe-it
(Composer)
Nov 12, 2024
PHPExcel XXE Vulnerability
High
CVE-2015-3542
was published
for
phpoffice/phpexcel
(Composer)
Nov 7, 2024
Moodle has CSRF risk in Feedback non-respondents report
High
CVE-2024-43434
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Moodle Remote Code Execution vulnerability
High
CVE-2024-43425
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Symfony vulnerable to command execution hijack on Windows with Process class
High
CVE-2024-51736
was published
for
symfony/process
(Composer)
Nov 6, 2024
Laravel Reverb Missing API Signature Verification
High
CVE-2024-50347
was published
for
laravel/reverb
(Composer)
Oct 31, 2024
YesWiki Uses a Broken or Risky Cryptographic Algorithm
High
CVE-2024-51478
was published
for
yeswiki/yeswiki
(Composer)
Oct 31, 2024
ThinkPHP deserialization vulnerability
High
CVE-2024-48112
was published
for
topthink/thinkphp
(Composer)
Oct 30, 2024
SQL injection in funadmin
High
CVE-2024-48229
was published
for
funadmin/funadmin
(Composer)
Oct 25, 2024
SQL injection in funadmin
High
CVE-2024-48230
was published
for
funadmin/funadmin
(Composer)
Oct 25, 2024
Logic flaw in Funadmin
High
CVE-2024-48227
was published
for
funadmin/funadmin
(Composer)
Oct 25, 2024
SQL injection in funadmin
High
CVE-2024-48224
was published
for
funadmin/funadmin
(Composer)
Oct 25, 2024
SQL injection in funadmin
High
CVE-2024-48226
was published
for
funadmin/funadmin
(Composer)
Oct 25, 2024
ProTip!
Advisories are also available from the
GraphQL API