GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
27,836 advisories
The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’...
Moderate | Unreviewed | CVE-2024-5869 was published Sep 13, 2024

The Delicate theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link'...
Moderate | Unreviewed | CVE-2024-5867 was published Sep 13, 2024

The WP Test Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the...
Moderate | Unreviewed | CVE-2024-8664 was published Sep 13, 2024

The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to...
Moderate | Unreviewed | CVE-2024-8665 was published Sep 13, 2024

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce...
Moderate | Unreviewed | CVE-2024-8742 was published Sep 13, 2024

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads...
Moderate | Unreviewed | CVE-2024-5567 was published Sep 13, 2024

The WP Simple Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site...
Moderate | Unreviewed | CVE-2024-8663 was published Sep 13, 2024

The Avada | Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2024-5628 was published Sep 13, 2024

The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to...
Moderate | Unreviewed | CVE-2024-8656 was published Sep 13, 2024

ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site...
Moderate | Unreviewed | CVE-2024-34335 was published Sep 12, 2024

A remote code execution (RCE) vulnerability via crafted extension description/changelog could be...
Critical | Unreviewed | CVE-2024-8695 was published Sep 12, 2024

Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515...
Moderate | Unreviewed | CVE-2020-24061 was published Sep 12, 2024

A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls...
High | Unreviewed | CVE-2024-8696 was published Sep 12, 2024

MindsDB Cross-site Scripting vulnerability
Moderate | CVE-2024-45856 was published for mindsdb (pip) Sep 12, 2024

Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.
Moderate | Unreviewed | CVE-2024-6700 was published Sep 12, 2024

Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.
Moderate | Unreviewed | CVE-2024-6702 was published Sep 12, 2024

Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.
Moderate | Unreviewed | CVE-2024-6701 was published Sep 12, 2024

Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText™...
Moderate | Unreviewed | CVE-2021-38131 was published Sep 12, 2024

Possible Improper Neutralization of Input During Web Page Generation Vulnerability in...
Moderate | Unreviewed | CVE-2021-22503 was published Sep 12, 2024

Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This vulnerability allows an...
Moderate | Unreviewed | CVE-2024-8750 was published Sep 12, 2024

The amCharts: Charts and Maps plugin for WordPress is vulnerable to Reflected Cross-Site...
Moderate | Unreviewed | CVE-2024-8622 was published Sep 12, 2024

The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is...
Moderate | Unreviewed | CVE-2024-7822 was published Sep 12, 2024

The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and...
Moderate | Unreviewed | CVE-2024-8054 was published Sep 12, 2024

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places,...
Moderate | Unreviewed | CVE-2024-7818 was published Sep 12, 2024

The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places,...
Moderate | Unreviewed | CVE-2024-7861 was published Sep 12, 2024
ProTip! Advisories are also available from the GraphQL API