GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,972
Erlang: 29
GitHub Actions: 16
Go: 1,762
Maven: 4,983
npm: 3,518
NuGet: 609
pip: 3,094
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
26,546 advisories
Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in...
Moderate | Unreviewed | CVE-2024-37389 was published Jul 8, 2024
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20...
Moderate | Unreviewed | CVE-2024-37528 was published Jul 8, 2024
Cross-site Scripting (XSS) - Stored in GitHub repository stitionai/devika prior to -.
High | Unreviewed | CVE-2024-5711 was published Jul 8, 2024
A vulnerability classified as problematic has been found in heyewei SpringBootCMS up to 2024-05...
Moderate | Unreviewed | CVE-2024-6539 was published Jul 8, 2024
A stored cross-site scripting (XSS) vulnerability exists in the 'Upload Knowledge' feature of...
Moderate | Unreviewed | CVE-2024-6229 was published Jul 7, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2024-37554 was published Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2024-37553 was published Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2024-37546 was published Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2024-37541 was published Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2024-37539 was published Jul 6, 2024
Denial of service via malicious preflight requests in github.com/rs/cors
Moderate | GHSA-mh55-gqvf-xfwm was published for github.com/rs/cors (Go) Jul 5, 2024
A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter...
Moderate | Unreviewed | CVE-2024-6526 was published Jul 5, 2024
A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified as problematic....
Moderate | Unreviewed | CVE-2024-6523 was published Jul 5, 2024
A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by...
Moderate | Unreviewed | CVE-2024-6511 was published Jul 4, 2024
The One Click Order Re-Order plugin for WordPress is vulnerable to unauthorized modification of...
Moderate | Unreviewed | CVE-2024-5641 was published Jul 4, 2024
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2024-3638 was published Jul 4, 2024
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2024-3639 was published Jul 4, 2024
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2024-2926 was published Jul 4, 2024
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2024-6340 was published Jul 3, 2024
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu,...
Moderate | Unreviewed | CVE-2024-4482 was published Jul 3, 2024
The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2024-6263 was published Jul 3, 2024
The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider...
Moderate | Unreviewed | CVE-2024-2375 was published Jul 3, 2024
The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings,...
Moderate | Unreviewed | CVE-2024-2234 was published Jul 3, 2024
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including...
Moderate | Unreviewed | CVE-2024-3801 was published Jul 3, 2024
Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a...
Moderate | Unreviewed | CVE-2024-5737 was published Jul 3, 2024
ProTip! Advisories are also available from the GraphQL API