Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

26,546 advisories

Loading
Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in... Moderate Unreviewed
CVE-2024-37389 was published Jul 8, 2024
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20... Moderate Unreviewed
CVE-2024-37528 was published Jul 8, 2024
Cross-site Scripting (XSS) - Stored in GitHub repository stitionai/devika prior to -. High Unreviewed
CVE-2024-5711 was published Jul 8, 2024
A vulnerability classified as problematic has been found in heyewei SpringBootCMS up to 2024-05... Moderate Unreviewed
CVE-2024-6539 was published Jul 8, 2024
A stored cross-site scripting (XSS) vulnerability exists in the 'Upload Knowledge' feature of... Moderate Unreviewed
CVE-2024-6229 was published Jul 7, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-37554 was published Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-37553 was published Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-37546 was published Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-37541 was published Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-37539 was published Jul 6, 2024
Denial of service via malicious preflight requests in github.com/rs/cors Moderate
GHSA-mh55-gqvf-xfwm was published for github.com/rs/cors (Go) Jul 5, 2024
A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter... Moderate Unreviewed
CVE-2024-6526 was published Jul 5, 2024
A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified as problematic.... Moderate Unreviewed
CVE-2024-6523 was published Jul 5, 2024
A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by... Moderate Unreviewed
CVE-2024-6511 was published Jul 4, 2024
The One Click Order Re-Order plugin for WordPress is vulnerable to unauthorized modification of... Moderate Unreviewed
CVE-2024-5641 was published Jul 4, 2024
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-3638 was published Jul 4, 2024
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-3639 was published Jul 4, 2024
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-2926 was published Jul 4, 2024
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-6340 was published Jul 3, 2024
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu,... Moderate Unreviewed
CVE-2024-4482 was published Jul 3, 2024
The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2024-6263 was published Jul 3, 2024
The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider... Moderate Unreviewed
CVE-2024-2375 was published Jul 3, 2024
The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings,... Moderate Unreviewed
CVE-2024-2234 was published Jul 3, 2024
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including... Moderate Unreviewed
CVE-2024-3801 was published Jul 3, 2024
Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a... Moderate Unreviewed
CVE-2024-5737 was published Jul 3, 2024
ProTip! Advisories are also available from the GraphQL API