Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,154 advisories

Loading
TCPDF has incorrect comparison High
CVE-2024-56522 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
TCPDF missing certificate validation High
CVE-2024-56521 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
lgsl Stored Cross-Site Scripting vulnerability High
CVE-2024-56361 was published for tltneon/lgsl (Composer) Dec 26, 2024
onsali
Browsershot Improper Input Validation vulnerability High
CVE-2024-21549 was published for spatie/browsershot (Composer) Dec 20, 2024
Spatie Browsershot Directory Traversal vulnerability High
CVE-2024-21547 was published for spatie/browsershot (Composer) Dec 18, 2024
UniSharp Laravel Filemanager Code Injection vulnerability High
CVE-2024-21546 was published for unisharp/laravel-filemanager (Composer) Dec 18, 2024
Laravel Pulse Allows Remote Code Execution via Unprotected Query Method High
CVE-2024-55661 was published for laravel/pulse (Composer) Dec 13, 2024
angelej
Browsershot Local File Inclusion High
CVE-2024-21544 was published for spatie/browsershot (Composer) Dec 13, 2024
Drupal core contains a potential PHP Object Injection vulnerability High
CVE-2024-55637 was published for drupal/core (Composer) Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability High
CVE-2024-55638 was published for drupal/core (Composer) Dec 10, 2024
league/commonmark's quadratic complexity bugs may lead to a denial of service High
GHSA-c2pc-g5qf-rfrf was published for league/commonmark (Composer) Dec 9, 2024
Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion High
CVE-2024-54149 was published for winter/wn-cms-module (Composer) Dec 9, 2024
bennothommo
phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available High
CVE-2024-54141 was published for thorsten/phpmyfaq (Composer) Dec 6, 2024
geo-chen
Drupal core Denial of Service High
CVE-2024-11941 was published for drupal/core (Composer) Dec 5, 2024
SimpleSAMLphp vulnerable to XXE in parsing SAML messages High
GHSA-j5g2-q29x-cw3h was published for simplesamlphp/simplesamlphp (Composer) Dec 2, 2024 withdrawn
ahacker1-securesaml
SimpleSAMLphp xml-common XXE vulnerability High
CVE-2024-52596 was published for simplesamlphp/xml-common (Composer) Dec 2, 2024
ahacker1-securesaml
Withdrawn Advisory: Symfony's VarDumper vulnerable to unsafe deserialization High
CVE-2024-36610 was published for symfony/var-dumper (Composer) Nov 29, 2024 withdrawn
jderusse
SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails High
CVE-2024-53860 was published for spencer14420/sp-php-email-handler (Composer) Nov 27, 2024
XXE in PHPSpreadsheet's XLSX reader High
CVE-2024-48917 was published for phpoffice/phpspreadsheet (Composer) Nov 18, 2024
antoniospataro Antonio-R1
XmlScanner bypass leads to XXE High
CVE-2024-47873 was published for phpoffice/phpspreadsheet (Composer) Nov 18, 2024
Antonio-R1 antoniospataro
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php High
CVE-2024-52526 was published for librenms/librenms (Composer) Nov 15, 2024
RaphaelCSS RaphaelCSSilva
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php High
CVE-2024-51497 was published for librenms/librenms (Composer) Nov 15, 2024
RaphaelCSS RaphaelCSSilva
LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php High
CVE-2024-51496 was published for librenms/librenms (Composer) Nov 15, 2024
RaphaelCSS RaphaelCSSilva
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php High
CVE-2024-51495 was published for librenms/librenms (Composer) Nov 15, 2024
RaphaelCSS RaphaelCSSilva
ProTip! Advisories are also available from the GraphQL API