GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
2,506 advisories
Leantime affected by Improper Neutralization of HTML Tags
Moderate
GHSA-95j3-435g-vjcp
was published
for
leantime/leantime
(Composer)
Feb 21, 2025
Leantime allows Cross-Site Request Forgery (CSRF)
Moderate
GHSA-92xh-6x7v-4rmq
was published
for
leantime/leantime
(Composer)
Feb 21, 2025
Leantime allows Stored Cross-Site Scripting (XSS)
Moderate
GHSA-63cr-xg3f-8jvr
was published
for
leantime/leantime
(Composer)
Feb 21, 2025
Leantime allows Refelected Cross-Site Scripting (XSS)
Moderate
GHSA-52xf-h226-pfgx
was published
for
leantime/leantime
(Composer)
Feb 21, 2025
Leantime has Insufficiently Protected Credentials
Moderate
GHSA-h6w8-27ph-c385
was published
for
leantime/leantime
(Composer)
Feb 21, 2025
Leantime allows Stored Cross-Site Scripting (XSS)
Moderate
GHSA-mg4c-884j-pcq9
was published
for
leantime/leantime
(Composer)
Feb 21, 2025
Leantime has Host Header Injection Vulnerability
Moderate
GHSA-99r5-84gr-59f6
was published
for
leantime/leantime
(Composer)
Feb 21, 2025
Stored XSS in REDAXO
Moderate
CVE-2024-13209
was published
for
redaxo/source
(Composer)
Feb 10, 2025
Pimcore Admin Classic Bundle allows user enumeration
Moderate
CVE-2025-24980
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Feb 7, 2025
Withdrawn Advisory: Sylius allows unrestricted brute-force attacks on user accounts
Moderate
CVE-2024-57610
was published
for
sylius/sylius
(Composer)
Feb 6, 2025
•
withdrawn
Twig security issue where escaping was missing when using null coalesce operator
Moderate
CVE-2025-24374
was published
for
twig/twig
(Composer)
Jan 29, 2025
pimcore/customer-data-framework vulnerable to SQL Injection
Moderate
CVE-2024-11956
was published
for
pimcore/customer-management-framework-bundle
(Composer)
Jan 28, 2025
Missing validation of header name and value in codeigniter4/framework
Moderate
CVE-2025-24013
was published
for
codeigniter4/framework
(Composer)
Jan 21, 2025
Cross-Site Scripting (XSS) vulnerability in generateNavigation() function in PhpSpreadsheet
Moderate
CVE-2025-22131
was published
for
phpoffice/phpspreadsheet
(Composer)
Jan 21, 2025
Librenms has a reflected XSS on error alert
Moderate
CVE-2025-23201
was published
for
librenms/librenms
(Composer)
Jan 16, 2025
LibreNMS Misc Section Stored Cross-site Scripting vulnerability
Moderate
CVE-2025-23200
was published
for
librenms/librenms
(Composer)
Jan 16, 2025
ProTip!
Advisories are also available from the
GraphQL API