GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,135 advisories
XXE in PHPSpreadsheet's XLSX reader
High
CVE-2024-48917
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 18, 2024
XmlScanner bypass leads to XXE
High
CVE-2024-47873
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 18, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php
High
CVE-2024-52526
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php
High
CVE-2024-51497
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php
High
CVE-2024-51496
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php
High
CVE-2024-51495
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
High
CVE-2024-51494
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints
High
CVE-2024-50355
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/overview/services.inc.php
High
CVE-2024-50352
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php
High
CVE-2024-50351
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
High
CVE-2024-50350
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php
High
CVE-2024-49764
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php
High
CVE-2024-49759
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.php
High
CVE-2024-49754
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
FileManager Deserialization of Untrusted Data vulnerability
High
CVE-2024-52306
was published
for
backpack/filemanager
(Composer)
Nov 13, 2024
Symfony has an Authentication Bypass via RememberMe
High
CVE-2024-51996
was published
for
symfony/security-http
(Composer)
Nov 13, 2024
Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI
High
CVE-2024-52293
was published
for
craftcms/cms
(Composer)
Nov 13, 2024
Craft CMS Arbitrary System File Read
High
CVE-2024-52292
was published
for
craftcms/cms
(Composer)
Nov 13, 2024
Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution
High
CVE-2024-52291
was published
for
craftcms/cms
(Composer)
Nov 13, 2024
Symfony vulnerable to command execution hijack on Windows with Process class
High
CVE-2024-51736
was published
for
symfony/process
(Composer)
Nov 6, 2024
ProTip!
Advisories are also available from the
GraphQL API