GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
9,285 advisories
Use of Insufficiently Random Values in undici
Moderate
CVE-2025-22150
was published
for
undici
(npm)
Jan 21, 2025
Cross-Site Scripting (XSS) vulnerability in generateNavigation() function in PhpSpreadsheet
Moderate
CVE-2025-22131
was published
for
phpoffice/phpspreadsheet
(Composer)
Jan 21, 2025
Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop
Moderate
CVE-2024-10846
was published
for
github.com/compose-spec/compose-go/v2
(Go)
Jan 21, 2025
XSS/HTML Injection Vulnerability in Umbraco Backoffice Components
Moderate
CVE-2025-24012
was published
for
@umbraco-cms/backoffice
(npm)
Jan 21, 2025
Infinite loop and Blind SSRF found inside the Webfinger mechanism in @fedify/fedify
Moderate
CVE-2025-23221
was published
for
@fedify/fedify
(npm)
Jan 21, 2025
Websites were able to send any requests to the development server and read the response in vite
Moderate
CVE-2025-24010
was published
for
vite
(npm)
Jan 21, 2025
KaTeX \htmlData does not validate attribute names
Moderate
CVE-2025-23207
was published
for
katex
(npm)
Jan 17, 2025
Matrix Media Repo (MMR) allows Server-Side Request Forgery (SSRF) on redirects and federation
Moderate
CVE-2024-52602
was published
for
github.com/t2bot/matrix-media-repo
(Go)
Jan 16, 2025
Librenms has a reflected XSS on error alert
Moderate
CVE-2025-23201
was published
for
librenms/librenms
(Composer)
Jan 16, 2025
LibreNMS Misc Section Stored Cross-site Scripting vulnerability
Moderate
CVE-2025-23200
was published
for
librenms/librenms
(Composer)
Jan 16, 2025
LibreNMS Ports Stored Cross-site Scripting vulnerability
Moderate
CVE-2025-23199
was published
for
librenms/librenms
(Composer)
Jan 16, 2025
LibreNMS Display Name Stored Cross-site Scripting vulnerability
Moderate
CVE-2025-23198
was published
for
librenms/librenms
(Composer)
Jan 16, 2025
CVE-2024-5138: snapd snapctl auth bypass
Moderate
CVE-2024-5138
was published
for
github.com/snapcore/snapd
(Go)
Jan 16, 2025
LibreNMS Display Name 2 Stored Cross-site Scripting vulnerability
Moderate
CVE-2024-56144
was published
for
librenms/librenms
(Composer)
Jan 16, 2025
ProTip!
Advisories are also available from the
GraphQL API