Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22,876 advisories

Loading
OpenC3 COSMOS Vulnerable to Directory Traversal via openc3-api/tables endpoint High
CVE-2025-28382 was published for openc3-cosmos-tool-iframe (RubyGems) Jun 13, 2025
Ibexa RichText Field Type XSS vulnerabilities in back office Moderate
GHSA-9qv6-4pwm-m68f was published for ibexa/fieldtype-richtext (Composer) Jun 13, 2025
Ibexa Admin UI XSS vulnerabilities in back office Moderate
GHSA-5r6x-g6jv-4v87 was published for ibexa/admin-ui (Composer) Jun 13, 2025
Ibexa Admin UI assets XSS vulnerabilities in back office Moderate
GHSA-vhgq-r8gx-5fpv was published for ibexa/admin-ui-assets (Composer) Jun 13, 2025
Ibexa eZ Platform Admin UI assets XSS vulnerabilities in back office Moderate
GHSA-r5rx-53g9-25rj was published for ezsystems/ezplatform-admin-ui-assets (Composer) Jun 13, 2025
Ibexa eZ Platform Admin UI XSS vulnerabilities in back office Moderate
GHSA-r7pm-mw8g-p7px was published for ezsystems/ezplatform-admin-ui (Composer) Jun 13, 2025
starcitizentools/citizen-skin allows stored XSS in user registration date message Moderate
CVE-2025-49578 was published for starcitizentools/citizen-skin (Composer) Jun 13, 2025
SomeMWDev
starcitizentools/citizen-skin allows stored XSS in menu heading message Moderate
CVE-2025-49579 was published for starcitizentools/citizen-skin (Composer) Jun 13, 2025
SomeMWDev
starcitizentools/citizen-skin allows stored XSS in preference menu heading messages Moderate
CVE-2025-49577 was published for starcitizentools/citizen-skin (Composer) Jun 13, 2025
SomeMWDev
starcitizentools/citizen-skin allows stored XSS in search no result messages Moderate
CVE-2025-49576 was published for starcitizentools/citizen-skin (Composer) Jun 13, 2025
SomeMWDev
Salt vulnerable to directory traversal attack in file receiving method Critical
CVE-2024-38824 was published for salt (pip) Jun 13, 2025
Salt's worker process vulnerable to denial of service through file read operation Moderate
CVE-2025-22242 was published for salt (pip) Jun 13, 2025
Salt's file contents overwrite the VirtKey class Moderate
CVE-2025-22241 was published for salt (pip) Jun 13, 2025
Salt has minion event bus authorization bypass vulnerability High
CVE-2025-22236 was published for salt (pip) Jun 13, 2025
Salt vulnerable to arbitrary event injection High
CVE-2025-22239 was published for salt (pip) Jun 13, 2025
Salt's salt.auth.pki module does not properly authenticate callers Moderate
CVE-2024-38825 was published for salt (pip) Jun 13, 2025
Salt's on demand pillar functionality vulnerable to arbitrary command injections Moderate
CVE-2025-22237 was published for salt (pip) Jun 13, 2025
Salt vulnerable to directory traversal attack in minion file cache creation Moderate
CVE-2025-22238 was published for salt (pip) Jun 13, 2025
Salt allows arbitrary directory creation or file deletion Moderate
CVE-2025-22240 was published for salt (pip) Jun 13, 2025
Spring Framework vulnerable to a reflected file download (RFD) Moderate
CVE-2025-41234 was published for org.springframework:spring-web (Maven) Jun 13, 2025
Vantage6 Server JWT secret not cryptographically secure Low
CVE-2025-43866 was published for vantage6-server (pip) Jun 12, 2025
vantage6 lacks brute-force protection on change password functionality Low
CVE-2025-43863 was published for vantage6 (pip) Jun 12, 2025
XWiki allows SQL injection in query endpoint of REST API with Oracle Critical
CVE-2024-56158 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 12, 2025
Citizen skin vulnerable to stored XSS through multiple system messages Moderate
CVE-2025-49575 was published for starcitizentools/citizen-skin (Composer) Jun 11, 2025
SomeMWDev
Drupal Admin Audit Trail Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2025-48448 was published for drupal/admin_audit_trail (Composer) Jun 11, 2025
ProTip! Advisories are also available from the GraphQL API