GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,985
Erlang
29
GitHub Actions
16
Go
1,774
Maven
5,000
npm
3,541
NuGet
617
pip
3,123
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
26,660 advisories
Filter by severity
Volmarg Personal Management System 1.4.64 is vulnerable to stored cross site scripting (XSS) via...
Moderate
Unreviewed
CVE-2024-29318
was published
Jul 5, 2024
goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via...
Critical
Unreviewed
CVE-2024-23998
was published
Jul 5, 2024
A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter...
Moderate
Unreviewed
CVE-2024-6526
was published
Jul 5, 2024
A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified as problematic....
Moderate
Unreviewed
CVE-2024-6523
was published
Jul 5, 2024
drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of...
Moderate
Unreviewed
CVE-2024-34481
was published
Jul 5, 2024
A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by...
Moderate
Unreviewed
CVE-2024-6511
was published
Jul 4, 2024
The One Click Order Re-Order plugin for WordPress is vulnerable to unauthorized modification of...
Moderate
Unreviewed
CVE-2024-5641
was published
Jul 4, 2024
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2024-3638
was published
Jul 4, 2024
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2024-3639
was published
Jul 4, 2024
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2024-2926
was published
Jul 4, 2024
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2024-6340
was published
Jul 3, 2024
The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate
Unreviewed
CVE-2024-6263
was published
Jul 3, 2024
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu,...
Moderate
Unreviewed
CVE-2024-4482
was published
Jul 3, 2024
The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider...
Moderate
Unreviewed
CVE-2024-2375
was published
Jul 3, 2024
The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings,...
Moderate
Unreviewed
CVE-2024-2234
was published
Jul 3, 2024
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including...
Moderate
Unreviewed
CVE-2024-3801
was published
Jul 3, 2024
Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a...
Moderate
Unreviewed
CVE-2024-5737
was published
Jul 3, 2024
OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture.
Moderate
Unreviewed
CVE-2024-37741
was published
Jul 3, 2024
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including...
Moderate
Unreviewed
CVE-2024-3800
was published
Jul 3, 2024
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before...
Moderate
Unreviewed
CVE-2024-5727
was published
Jul 3, 2024
The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross...
Moderate
Unreviewed
CVE-2024-4268
was published
Jul 2, 2024
The Post Meta Data Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate
Unreviewed
CVE-2024-6264
was published
Jul 2, 2024
A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low...
Moderate
Unreviewed
CVE-2024-39143
was published
Jul 2, 2024
The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate
Unreviewed
CVE-2024-6011
was published
Jul 2, 2024
Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0...
Moderate
Unreviewed
CVE-2024-38857
was published
Jul 2, 2024
ProTip!
Advisories are also available from the
GraphQL API