Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,613
NuGet
638
pip
3,210
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

27,694 advisories

Loading
A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the... Moderate Unreviewed
CVE-2024-44820 was published Sep 4, 2024
A vulnerability was found in alwindoss akademy up to 35caccea888ed63d5489e211c99edff1f62efdba. It... Moderate Unreviewed
CVE-2024-8407 was published Sep 4, 2024
Cross Site Scripting (XSS) vulnerability through the action parameter in index.php. Affected... Moderate Unreviewed
CVE-2024-8413 was published Sep 4, 2024
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected... Moderate Unreviewed
CVE-2024-8117 was published Sep 4, 2024
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected... Moderate Unreviewed
CVE-2024-8119 was published Sep 4, 2024
The Attributes for Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2024-8318 was published Sep 4, 2024
The Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids,... Moderate Unreviewed
CVE-2024-8325 was published Sep 4, 2024
DOM clobbering could escalate to Cross-site Scripting (XSS) Moderate
CVE-2024-45389 was published for @pagefind/default-ui (npm) Sep 3, 2024
ishmeals jackfromeast
A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code... Moderate Unreviewed
CVE-2024-42901 was published Sep 3, 2024
An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation... High Unreviewed
CVE-2024-7654 was published Sep 3, 2024
A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12... Moderate Unreviewed
CVE-2024-44920 was published Sep 3, 2024
A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of... Moderate Unreviewed
CVE-2024-42061 was published Sep 3, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2024-6920 was published Sep 2, 2024
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer Release on... High Unreviewed
CVE-2024-7939 was published Sep 2, 2024
Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject... Low Unreviewed
CVE-2024-38858 was published Sep 2, 2024
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release... High Unreviewed
CVE-2024-7938 was published Sep 2, 2024
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer Release on... High Unreviewed
CVE-2024-7932 was published Sep 2, 2024
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry... High Unreviewed
CVE-2024-8004 was published Sep 2, 2024
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters,... Moderate Unreviewed
CVE-2024-7691 was published Sep 2, 2024
CodeAstro MembershipM-PHP (aka Membership Management System in PHP) 1.0 allows add_members.php... Moderate Unreviewed
CVE-2024-45528 was published Sep 2, 2024
A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability... Moderate Unreviewed
CVE-2024-8370 was published Sep 2, 2024
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified... Moderate Unreviewed
CVE-2024-8366 was published Aug 31, 2024
The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-8276 was published Aug 31, 2024
The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2024-8108 was published Aug 31, 2024
The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2024-5212 was published Aug 31, 2024
ProTip! Advisories are also available from the GraphQL API