
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

Filament: Multi-factor authentication (app) recovery codes can still be used multiple times via concurrent submission High
CVE-2026-48505 was published for filament/filament (Composer) Jun 25, 2026
Credited to StarPlatinu and danharrin
Filament: Unauthenticated temporary file upload on auth pages Moderate
CVE-2026-48500 was published for filament/filament (Composer) Jun 23, 2026
Credited to wsparks-vc and danharrin
Filament: Unvalidated ImageColumn and ImageEntry values can be used for XSS Moderate
CVE-2026-48167 was published for filament/infolists (Composer) Jun 23, 2026
Credited to wsparks-vc and danharrin
Filament: Timing-based user enumeration on login page Moderate
CVE-2026-48166 was published for filament/filament (Composer) Jun 23, 2026
Credited to wsparks-vc and danharrin
Filament: Disabled RichEditor field state can be used for XSS High
CVE-2026-55409 was published for filament/forms (Composer) Jun 17, 2026
Credited to mike197312 and danharrin
Filament has inconsistent scope enforcement for its AttachAction and AssociateAction Select fields Moderate
CVE-2026-48067 was published for filament/actions (Composer) Jun 11, 2026
Credited to baradika and danharrin
Filament Unvalidated Range and Values summarizer values can be used for XSS High
CVE-2026-33080 was published for filament/tables (Composer) Mar 18, 2026
Credited to danharrin
Filament multi-factor authentication (app) recovery codes can be used multiple times High
CVE-2025-67507 was published for filament/filament (Composer) Dec 9, 2025
Credited to JaZo and danharrin
Filament has exported files stored in default (`public`) filesystem if not reconfigured Low
CVE-2024-51758 was published for filament/actions (Composer) Nov 7, 2024
Credited to danharrin and catferq
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting Moderate
CVE-2024-47186 was published for filament/infolists (Composer) Sep 27, 2024
Credited to sv-LayZ, danharrin, and sunnypatell