Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

27,836 advisories

Loading
The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’... Moderate Unreviewed
CVE-2024-5869 was published Sep 13, 2024
The Delicate theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link'... Moderate Unreviewed
CVE-2024-5867 was published Sep 13, 2024
The WP Test Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the... Moderate Unreviewed
CVE-2024-8664 was published Sep 13, 2024
The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to... Moderate Unreviewed
CVE-2024-8665 was published Sep 13, 2024
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce... Moderate Unreviewed
CVE-2024-8742 was published Sep 13, 2024
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads... Moderate Unreviewed
CVE-2024-5567 was published Sep 13, 2024
The WP Simple Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site... Moderate Unreviewed
CVE-2024-8663 was published Sep 13, 2024
The Avada | Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-5628 was published Sep 13, 2024
The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to... Moderate Unreviewed
CVE-2024-8656 was published Sep 13, 2024
ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site... Moderate Unreviewed
CVE-2024-34335 was published Sep 12, 2024
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be... Critical Unreviewed
CVE-2024-8695 was published Sep 12, 2024
Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515... Moderate Unreviewed
CVE-2020-24061 was published Sep 12, 2024
A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls... High Unreviewed
CVE-2024-8696 was published Sep 12, 2024
MindsDB Cross-site Scripting vulnerability Moderate
CVE-2024-45856 was published for mindsdb (pip) Sep 12, 2024
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name. Moderate Unreviewed
CVE-2024-6700 was published Sep 12, 2024
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. Moderate Unreviewed
CVE-2024-6702 was published Sep 12, 2024
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type. Moderate Unreviewed
CVE-2024-6701 was published Sep 12, 2024
Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText™... Moderate Unreviewed
CVE-2021-38131 was published Sep 12, 2024
Possible Improper Neutralization of Input During Web Page Generation Vulnerability in... Moderate Unreviewed
CVE-2021-22503 was published Sep 12, 2024
Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This vulnerability allows an... Moderate Unreviewed
CVE-2024-8750 was published Sep 12, 2024
The amCharts: Charts and Maps plugin for WordPress is vulnerable to Reflected Cross-Site... Moderate Unreviewed
CVE-2024-8622 was published Sep 12, 2024
The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is... Moderate Unreviewed
CVE-2024-7822 was published Sep 12, 2024
The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and... Moderate Unreviewed
CVE-2024-8054 was published Sep 12, 2024
The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places,... Moderate Unreviewed
CVE-2024-7818 was published Sep 12, 2024
The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places,... Moderate Unreviewed
CVE-2024-7861 was published Sep 12, 2024
ProTip! Advisories are also available from the GraphQL API