GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
28,057 advisories
Filter by severity
The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting...
Moderate
Unreviewed
CVE-2024-8718
was published
Oct 1, 2024
The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG...
Moderate
Unreviewed
CVE-2024-8107
was published
Oct 1, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-47396
was published
Oct 1, 2024
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This...
Moderate
Unreviewed
CVE-2024-45073
was published
Oct 1, 2024
A stored cross site scripting vulnerability exists in Nessus Network Monitor where an...
High
Unreviewed
CVE-2024-9158
was published
Sep 30, 2024
A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard...
Moderate
Unreviewed
CVE-2024-46475
was published
Sep 30, 2024
starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field
Moderate
CVE-2024-47536
was published
for
starcitizentools/citizen-skin
(Composer)
Sep 30, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-47641
was published
Sep 30, 2024
A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to...
Moderate
Unreviewed
CVE-2024-45920
was published
Sep 30, 2024
Certain switch models from PLANET Technology have a web application that does not properly...
Moderate
Unreviewed
CVE-2024-8457
was published
Sep 30, 2024
The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block...
Moderate
Unreviewed
CVE-2024-8536
was published
Sep 30, 2024
The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid...
Moderate
Unreviewed
CVE-2024-3635
was published
Sep 30, 2024
A vulnerability was found in SourceCodester Inventory Management System 1.0. It has been declared...
Moderate
Unreviewed
CVE-2024-9323
was published
Sep 29, 2024
A vulnerability has been found in SourceCodester Online Timesheet App 1.0 and classified as...
Moderate
Unreviewed
CVE-2024-9320
was published
Sep 29, 2024
The WP MultiTasking – WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2024-8189
was published
Sep 28, 2024
A vulnerability classified as problematic was found in SourceCodester Online Railway Reservation...
Moderate
Unreviewed
CVE-2024-9300
was published
Sep 28, 2024
A vulnerability classified as problematic has been found in SourceCodester Online Railway...
Moderate
Unreviewed
CVE-2024-9299
was published
Sep 28, 2024
The GTM Server Side plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to...
Moderate
Unreviewed
CVE-2024-8712
was published
Sep 28, 2024
The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site...
Moderate
Unreviewed
CVE-2024-8788
was published
Sep 28, 2024
The Simple LDAP Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to...
Moderate
Unreviewed
CVE-2024-8715
was published
Sep 28, 2024
The Simple Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate
Unreviewed
CVE-2024-8547
was published
Sep 28, 2024
The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin...
Moderate
Unreviewed
CVE-2024-9023
was published
Sep 28, 2024
A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to...
Moderate
Unreviewed
CVE-2024-9291
was published
Sep 27, 2024
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
Critical
CVE-2024-47186
was published
for
filament/infolists
(Composer)
Sep 27, 2024
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute...
Moderate
Unreviewed
CVE-2024-25411
was published
Sep 27, 2024
ProTip!
Advisories are also available from the
GraphQL API