Security Advisories
Browse security advisories and track which Dependabot PRs address them.
24,785 Total Advisories
1,792 With Dependabot PRs
3,506 Critical Severity
8,617 High Severity
Moodle has a SQL injection risk in course search module list filter
GHSA-rg56-94j7-hjx9 CVE-2025-26533 HIGH 9 months ago
An SQL injection risk was identified in the module list filter within course search.
packagist
No PRs yet
Moodle has an IDOR in badges allows disabling of arbitrary badges
GHSA-g88w-v4cq-qgcp CVE-2025-26531 LOW 9 months ago
Insufficient capability checks made it possible to disable badges a user does not have permission to access.
packagist
No PRs yet
Leantime allows Cross-Site Scripting (XSS)
GHSA-f679-254h-qhvj LOW 9 months ago
### Summary
There is a cross-site scripting vulnerability on To-Do that affects a title field of a To-Do.
packagist
No PRs yet
Leantime affected by Improper Neutralization of HTML Tags
GHSA-95j3-435g-vjcp CVE-2025-28254 MODERATE 9 months ago
### Summary
HTML can be arbitrarily injected into emails from Leantime due to improper neutralization of HTML tags in users' first names. This eff...
packagist
No PRs yet
Leantime has Missing Authorization Check for Host Parameter
GHSA-3hfj-qcvj-4hx8 LOW 9 months ago
### Finding Description
Application has functionality for a user to view profile information. It does not have an implemented authorization check f...
packagist
No PRs yet
Leantime allows Stored Cross-Site Scripting (XSS)
GHSA-c39w-3pjx-qc7m HIGH 9 months ago
### Description
Leantime allows stored cross-site scripting (XSS) in the API key name while generating the API key.
### Impact
Any low privileged ...
packagist
No PRs yet
Leantime allows Cross-Site Request Forgery (CSRF)
GHSA-92xh-6x7v-4rmq MODERATE 9 months ago
**CSRF**
### Summary
A cross-site request forgery vulnerability allows a remote actor to create an account with Owner privileges. By luring an Owne...
packagist
No PRs yet
Leantime allows Cross Site Scripting (XSS) and SQL Injection (SQLi)
GHSA-v4q9-437p-mhpg HIGH 9 months ago
### Summary
A cross-site scripting (XSS) vulnerability has been identified in Leantime. The vulnerability allows an attacker to inject malicious sc...
packagist
No PRs yet
Leantime allows Stored Cross-Site Scripting (XSS)
GHSA-63cr-xg3f-8jvr MODERATE 9 months ago
### Summary
Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into ...
packagist
No PRs yet
Leantime allows Reflected Cross-Site Scripting (XSS)
GHSA-52xf-h226-pfgx MODERATE 9 months ago
### Summary
The vulnerability in Leantime's "overdue" section allows attackers to upload malicious image files containing XSS payloads. When other ...
packagist
No PRs yet
Leantime has Insufficiently Protected Credentials
GHSA-h6w8-27ph-c385 MODERATE 9 months ago
Due to improper cache control an attacker can view sensitive information even if they are not logged into the account anymore.
Additional Informat...
packagist
No PRs yet
Leantime allows Stored Cross-Site Scripting (XSS)
GHSA-mg4c-884j-pcq9 MODERATE 9 months ago
STORED XSS + OPEN REDIRECTION in SVG uploads
Vulnerable URL: https://hack.leantime.io/projects/showProject/3
packagist
No PRs yet
Leantime has Host Header Injection Vulnerability
GHSA-99r5-84gr-59f6 MODERATE 9 months ago
### Summary
A host header injection vulnerability has been identified in the user details viewing functionality of the system. This vulnerability a...
packagist
No PRs yet
Easy!Appointments Improper Restriction of Excessive Authentication Attempts
GHSA-8fc2-fhh6-f6m5 CVE-2024-57602 CRITICAL 10 months ago
An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file.
packagist
No PRs yet
Remote code execution in alextselegidis/easyappointments
GHSA-3wf7-83q3-948c CVE-2024-57601 MODERATE 10 months ago
Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legal_set...
packagist
No PRs yet
Crayfish Allows Remote Code Execution via hypercube X-Islandora-Args Header
GHSA-c2p2-hgjg-9r3f CRITICAL 10 months ago
### Impact
_What kind of vulnerability is it? Who is impacted?_
Remote code execution is possible in web-accessible installations of hypercube.
...
packagist
No PRs yet
Improper Authorization vulnerability in Magento and Adobe Commerce
GHSA-fppq-f2m6-xv5c CVE-2025-24434 CRITICAL 10 months ago
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability t...
packagist
No PRs yet
Magento Improper Access Control vulnerability
GHSA-v3hq-g424-5mgg CVE-2025-24427 MODERATE 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability ...
packagist
No PRs yet
Magento Business Logic Error vulnerability
GHSA-6ff8-jrfg-43hh CVE-2025-24425 MODERATE 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that...
packagist
No PRs yet
Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
GHSA-6w27-c66f-gvhq CVE-2025-24430 LOW 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race...
packagist
No PRs yet
Magento Improper Access Control vulnerability
GHSA-656q-fx2w-8ccv CVE-2025-24429 LOW 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability ...
packagist
No PRs yet
Magento stored Cross-Site Scripting (XSS) vulnerability
GHSA-8884-7rm9-mrx4 CVE-2025-24438 HIGH 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulne...
packagist
No PRs yet
Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
GHSA-7jmr-43qj-pw47 CVE-2025-24432 LOW 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race...
packagist
No PRs yet
Magento stored Cross-Site Scripting (XSS) vulnerability
GHSA-mm87-rrqx-94cr CVE-2025-24428 MODERATE 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulne...
packagist
No PRs yet
Magento Improper Access Control vulnerability
GHSA-82p4-55gj-956p CVE-2025-24435 MODERATE 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability ...
packagist
No PRs yet
Magento Improper Access Control vulnerability
GHSA-ghpr-6qhr-rpp8 CVE-2025-24436 MODERATE 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability ...
packagist
No PRs yet
Magento Improper Access Control vulnerability
GHSA-469f-wf4f-3jjv CVE-2025-24437 MODERATE 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability ...
packagist
No PRs yet
Magento Stored Cross-Site Scripting (XSS) Vulnerability
GHSA-g3j6-9753-8mp2 CVE-2025-24417 HIGH 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulne...
packagist
No PRs yet
Magento Stored Cross-Site Scripting (XSS) Vulnerability
GHSA-fhw6-3mj5-w9gv CVE-2025-24414 HIGH 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulne...
packagist
No PRs yet
Magento Stored Cross-Site Scripting (XSS) Vulnerability
GHSA-m4rg-mpp2-97px CVE-2025-24412 HIGH 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulne...
packagist
No PRs yet
Magento Stored Cross-Site Scripting (XSS) Vulnerability
GHSA-gjxp-46rq-wg4q CVE-2025-24410 HIGH 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulne...
packagist
No PRs yet
Magento Stored Cross-Site Scripting (XSS) Vulnerability
GHSA-gc27-rvvm-q77r CVE-2025-24415 HIGH 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulne...
packagist
No PRs yet
Magento Improper Access Control vulnerability
GHSA-36hw-x3cc-m258 CVE-2025-24411 HIGH 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability ...
packagist
No PRs yet
Magento Improper Access Control vulnerability
GHSA-539v-w87w-w62c CVE-2025-24424 MODERATE 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability ...
packagist
No PRs yet
Adobe Commerce Path Traversal
GHSA-954p-ff72-327w CVE-2025-24406 HIGH 10 months ago
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a...
packagist
No PRs yet
Magento Stored Cross-Site Scripting (XSS) Vulnerability
GHSA-xwgx-8v72-4j5j CVE-2025-24413 HIGH 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulne...
packagist
No PRs yet
Adobe Commerce Improper Authorization vulnerability
GHSA-vw47-79jv-3598 CVE-2025-24409 HIGH 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability ...
packagist
No PRs yet
Magento Information Exposure vulnerability
GHSA-3cfg-w257-cgf8 CVE-2025-24408 MODERATE 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability tha...
packagist
No PRs yet
Magento Stored Cross-Site Scripting (XSS) Vulnerability
GHSA-rjjw-g6hw-7pc9 CVE-2025-24416 HIGH 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulne...
packagist
No PRs yet
Magento Incorrect Authorization vulnerability
GHSA-v6r2-425c-hfrr CVE-2025-24421 MODERATE 10 months ago
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability ...
packagist
No PRs yet
Stored XSS in REDAXO
GHSA-7wj8-856p-qc9m CVE-2024-13209 MODERATE 10 months ago
### Summary
Stored XSS in REDAXO 5.18.1 - Article / "content/edit".
### Details
On the latest version of Redaxo, v5.18.1, the article name field i...
packagist
No PRs yet
Connect-CMS information that is restricted to viewing is visible
GHSA-2237-5r9w-vm8j HIGH 10 months ago
### Impact
- Information that is restricted from viewing in the search results of site searches (※) can still be viewed via the main text (a featu...
packagist
No PRs yet
Connect-CMS Access control vulnerability
GHSA-5rjc-jc28-cwgg MODERATE 10 months ago
### Impact
There is an Access control vulnerability on the management system of Connect-CMS.
Affected Version: Connect-CMS v1.8.6, 2.4.6 and ...
packagist
No PRs yet
Pimcore Admin Classic Bundle allows user enumeration
GHSA-vr5f-php7-rg24 CVE-2025-24980 MODERATE 10 months ago
pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to u...
packagist
No PRs yet
Multiple rtmpdump vulnerabilities
GHSA-vrpv-vw92-328g CRITICAL 10 months ago
The version of rtmpdump contained in this package has multiple known vulnerabilities.
### Patches
This package is abandoned and should not be used...
packagist
No PRs yet
Browsershot Path Traversal
GHSA-j2gw-r24m-j2qw CVE-2025-1022 HIGH 10 months ago
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot...
packagist
No PRs yet
Cockpit Arbitrary File Upload
GHSA-wp68-xrfg-xvq4 CVE-2025-1025 HIGH 10 months ago
Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable to Arbitrary File Upload where an attacker can use different extension to by...
packagist
No PRs yet
Browsershot Local File Inclusion
GHSA-f2q5-6mx7-q9qq CVE-2025-1026 MODERATE 10 months ago
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setU...
packagist
No PRs yet
PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters
GHSA-r57h-547h-w24f CVE-2025-23210 MODERATE 10 months ago
**Product:** PhpSpreadsheet
**Version:** 3.8.0
**CWE-ID:** CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti...
packagist
No PRs yet
DevDojo Voyager Arbitrary File Write
GHSA-35p2-5vrh-m3p6 CVE-2024-55417 MODERATE 10 months ago
DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/me...
packagist
No PRs yet