GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,985
Erlang: 29
GitHub Actions: 16
Go: 1,774
Maven: 5,000
npm: 3,541
NuGet: 617
pip: 3,123
Pub: 10
RubyGems: 838
Rust: 790
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
24,031 advisories
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Moderate, Unreviewed. CVE-2024-38156 was published on Jul 19, 2024

IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This...
Moderate, Unreviewed. CVE-2024-28796 was published on Jul 17, 2024

Roundup Cross-site Scripting Vulnerability
Moderate. CVE-2024-39125 was published for roundup (pip) on Jul 17, 2024

Roundup Cross-site Scripting Vulnerability
Moderate. CVE-2024-39126 was published for roundup (pip) on Jul 17, 2024

Roundup Cross-site Scripting Vulnerability
Moderate. CVE-2024-39124 was published for roundup (pip) on Jul 17, 2024

Silverstripe uses TinyMCE which allows svg files linked in object tags
Moderate. GHSA-52cw-pvq9-9m5v was published for silverstripe/framework (Composer) on Jul 17, 2024

Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload
Moderate. CVE-2024-32981 was published for silverstripe/framework (Composer) on Jul 17, 2024

A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and...
Moderate, Unreviewed. CVE-2024-6807 was published on Jul 17, 2024

Openfind's Mail2000 does not properly validate email attachments, allowing unauthenticated remote...
Moderate, Unreviewed. CVE-2024-6740 was published on Jul 15, 2024

AguardNet Technology's Space Management System does not properly filter user input, allowing...
Moderate, Unreviewed. CVE-2024-6742 was published on Jul 15, 2024

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a...
Moderate, Unreviewed. CVE-2024-6073 was published on Jul 15, 2024

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a...
Moderate, Unreviewed. CVE-2024-6076 was published on Jul 15, 2024

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a...
Moderate, Unreviewed. CVE-2024-6074 was published on Jul 15, 2024

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag...
Moderate, Unreviewed. CVE-2024-6739 was published on Jul 15, 2024

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER[...
Moderate, Unreviewed. CVE-2024-6072 was published on Jul 15, 2024

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting...
Moderate, Unreviewed. CVE-2024-39735 was published on Jul 15, 2024

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site...
Moderate, Unreviewed. CVE-2024-39728 was published on Jul 15, 2024

IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an...
Moderate, Unreviewed. CVE-2024-40690 was published on Jul 12, 2024

Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting
Moderate. CVE-2023-6813 was published for auth0/wordpress (Composer) on Jul 11, 2024

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting...
Moderate, Unreviewed. CVE-2024-6485 was published on Jul 11, 2024

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS)...
Moderate, Unreviewed. CVE-2024-6484 was published on Jul 11, 2024

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS)...
Moderate, Unreviewed. CVE-2024-6531 was published on Jul 11, 2024

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate, Unreviewed. CVE-2024-6528 was published on Jul 11, 2024

The Feeds for YouTube (YouTube video, channel, and gallery plugin) plugin for WordPress is...
Moderate, Unreviewed. CVE-2024-6256 was published on Jul 11, 2024

The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not...
Moderate, Unreviewed. CVE-2024-6138 was published on Jul 11, 2024

ProTip! Advisories are also available from the GraphQL API.