GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,464 advisories
Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite
Moderate
CVE-2025-27794
was published
for
flarum/core
(Composer)
Mar 12, 2025
Laravel has a File Validation Bypass
Moderate
CVE-2025-27515
was published
for
laravel/framework
(Composer)
Mar 5, 2025
The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding
High
CVE-2025-27773
was published
for
simplesamlphp/saml2
(Composer)
Mar 11, 2025
Pimcore Vulnerable to SQL Injection in getRelationFilterCondition
Moderate
CVE-2025-27617
was published
for
pimcore/pimcore
(Composer)
Mar 11, 2025
Froxlor has an HTML Injection Vulnerability
Moderate
GHSA-26xq-m8xw-6373
was published
for
froxlor/froxlor
(Composer)
Mar 11, 2025
Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover
Moderate
GHSA-7j6w-p859-464f
was published
for
froxlor/froxlor
(Composer)
Mar 11, 2025
Laravel framework susceptible to reflected cross-site scripting
Moderate
CVE-2024-13918
was published
for
laravel/framework
(Composer)
Mar 10, 2025
Symfony vulnerable to command execution hijack on Windows with Process class
High
CVE-2024-51736
was published
for
symfony/process
(Composer)
Nov 6, 2024
phpseclib Infinite Loop vulnerability
High
CVE-2023-27560
was published
for
phpseclib/phpseclib
(Composer)
Mar 3, 2023
XXE in PHPSpreadsheet's XLSX reader
High
CVE-2024-48917
was published
for
phpoffice/phpexcel
(Composer)
Nov 18, 2024
Cross-Site Scripting (XSS) vulnerability in generateNavigation() function in PhpSpreadsheet
Moderate
CVE-2025-22131
was published
for
phpoffice/phpexcel
(Composer)
Jan 21, 2025
XmlScanner bypass leads to XXE
High
CVE-2024-47873
was published
for
phpoffice/phpexcel
(Composer)
Nov 18, 2024
ProTip!
Advisories are also available from the
GraphQL API