GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,726
Composer 4,237
Erlang 31
GitHub Actions 21
Go 2,003
Maven 5,192
npm 3,714
NuGet 661
pip 3,387
Pub 11
RubyGems 885
Rust 851
Swift 36

Unreviewed advisories

All unreviewed 235,632

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

109,057 advisories

Filter by severity

Sort by

Least recently updated

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable... Moderate Unreviewed

CVE-2024-10579 was published Nov 26, 2024

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed

CVE-2024-10308 was published Nov 26, 2024

The Parsi Date plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the... Moderate Unreviewed

CVE-2024-11032 was published Nov 26, 2024

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor... Moderate Unreviewed

CVE-2024-38833 was published Nov 26, 2024

A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices... Moderate Unreviewed

CVE-2024-50377 was published Nov 26, 2024

The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Moderate Unreviewed

CVE-2024-8899 was published Nov 26, 2024

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor... Moderate Unreviewed

CVE-2024-38834 was published Nov 26, 2024

User passwords are decrypted and stored on memory before any user logged in. Those decrypted... Moderate Unreviewed

CVE-2024-32151 was published Nov 26, 2024

ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious... Moderate Unreviewed

CVE-2024-21798 was published Feb 29, 2024

The web interface of the affected devices is designed to hide the LDAP credentials even for... Moderate Unreviewed

CVE-2024-34162 was published Nov 26, 2024

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2024-9170 was published Nov 26, 2024

The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2024-11192 was published Nov 26, 2024

The Support SVG – Upload svg files in wordpress without hassle plugin for WordPress is vulnerable... Moderate Unreviewed

CVE-2024-11091 was published Nov 26, 2024

Admin authentication can be bypassed with some specific invalid credentials, which allows logging... Moderate Unreviewed

CVE-2024-33616 was published Nov 26, 2024

Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program has found that it is possible to... Moderate Unreviewed

CVE-2024-6831 was published Nov 26, 2024

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API... Moderate Unreviewed

CVE-2024-8772 was published Nov 26, 2024

The BNE Gallery Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2024-11119 was published Nov 26, 2024

Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the... Moderate Unreviewed

CVE-2024-11202 was published Nov 26, 2024

The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via... Moderate Unreviewed

CVE-2024-11002 was published Nov 26, 2024

Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident... Moderate Unreviewed

CVE-2024-6749 was published Nov 26, 2024

Affected devices create coredump files when crashed, storing them with world-readable permission.... Moderate Unreviewed

CVE-2024-28955 was published Nov 26, 2024

User passwords are decrypted and stored on memory before any user logged in. Those decrypted... Moderate Unreviewed

CVE-2024-29978 was published Nov 26, 2024

User passwords are decrypted and stored on memory before any user logged in. Those decrypted... Moderate Unreviewed

CVE-2024-29146 was published Nov 26, 2024

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory... Moderate Unreviewed

CVE-2024-10857 was published Nov 26, 2024

Gee-netics, member of the AXIS Camera Station Pro Bug Bounty Program has found that it is... Moderate Unreviewed

CVE-2024-6476 was published Nov 26, 2024

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

109,057 advisories