GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,231
Erlang: 31
GitHub Actions: 20
Go: 1,991
Maven: 5,000+
npm: 3,709
NuGet: 661
pip: 3,341
Pub: 11
RubyGems: 884
Rust: 846
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
108,508 advisories
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This...
Moderate, Unreviewed. CVE-2024-11159 was published Nov 13, 2024
The Ashe theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of...
Moderate, Unreviewed. CVE-2024-9777 was published Nov 19, 2024
The GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate, Unreviewed. CVE-2024-11198 was published Nov 19, 2024
Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary...
Moderate, Unreviewed. CVE-2024-10524 was published Nov 19, 2024
The Bard theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of...
Moderate, Unreviewed. CVE-2024-9830 was published Nov 19, 2024
The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate, Unreviewed. CVE-2024-11224 was published Nov 19, 2024
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.
Moderate, Unreviewed. CVE-2022-0406 was published Apr 4, 2022
In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An...
Moderate, Unreviewed. CVE-2021-25964 was published May 24, 2022
The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate, Unreviewed. CVE-2024-11195 was published Nov 19, 2024
The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG...
Moderate, Unreviewed. CVE-2024-11098 was published Nov 19, 2024
The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a...
Moderate, Unreviewed. CVE-2024-11069 was published Nov 19, 2024
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is...
Moderate, Unreviewed. CVE-2024-10268 was published Nov 19, 2024
An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiating the TLS version on the...
Moderate, Unreviewed. CVE-2024-28836 was published Apr 3, 2024
DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR...
Moderate, Unreviewed. CVE-2024-31802 was published Jun 27, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate, Unreviewed. CVE-2024-52344 was published Nov 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate, Unreviewed. CVE-2024-52347 was published Nov 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate, Unreviewed. CVE-2024-52340 was published Nov 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate, Unreviewed. CVE-2024-51939 was published Nov 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate, Unreviewed. CVE-2024-52394 was published Nov 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate, Unreviewed. CVE-2024-52345 was published Nov 19, 2024
The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all...
Moderate, Unreviewed. CVE-2024-10486 was published Nov 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate, Unreviewed. CVE-2024-52341 was published Nov 19, 2024
Path Traversal: '.../...//' vulnerability in CYAN Backup allows Path Traversal. This issue...
Moderate, Unreviewed. CVE-2024-52390 was published Nov 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate, Unreviewed. CVE-2024-52349 was published Nov 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate, Unreviewed. CVE-2024-52389 was published Nov 19, 2024
ProTip! Advisories are also available from the GraphQL API.