Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

28,057 advisories

Loading
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2024-9306 was published Oct 4, 2024
The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected... Moderate Unreviewed
CVE-2024-9435 was published Oct 4, 2024
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction &... Moderate Unreviewed
CVE-2024-8519 was published Oct 4, 2024
The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-9349 was published Oct 4, 2024
The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site... Moderate Unreviewed
CVE-2024-9204 was published Oct 4, 2024
The WP Blocks Hub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File... Moderate Unreviewed
CVE-2024-9372 was published Oct 4, 2024
The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to... Moderate Unreviewed
CVE-2024-9353 was published Oct 4, 2024
The Aggregator Advanced Settings plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-9368 was published Oct 4, 2024
The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected... Moderate Unreviewed
CVE-2024-9345 was published Oct 4, 2024
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's... Moderate Unreviewed
CVE-2024-8804 was published Oct 4, 2024
The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2024-9384 was published Oct 4, 2024
The Fish and Ships – Most flexible shipping table rate. A WooCommerce shipping rate plugin for... Moderate Unreviewed
CVE-2024-9237 was published Oct 4, 2024
The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2024-9445 was published Oct 4, 2024
The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected... Moderate Unreviewed
CVE-2024-9375 was published Oct 4, 2024
The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-9242 was published Oct 4, 2024
The Login Logout Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2024-9421 was published Oct 4, 2024
The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use... Moderate Unreviewed
CVE-2024-8802 was published Oct 4, 2024
DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users,... Moderate Unreviewed
CVE-2024-41584 was published Oct 3, 2024
DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by... Moderate Unreviewed
CVE-2024-41583 was published Oct 3, 2024
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag... Moderate Unreviewed
CVE-2024-6739 was published Jul 15, 2024
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual... Moderate Unreviewed
CVE-2024-36359 was published Jun 11, 2024
The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block... Moderate Unreviewed
CVE-2024-8536 was published Sep 30, 2024
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7... Moderate Unreviewed
CVE-2021-24261 was published May 24, 2022
Injection of arbitrary HTML/JavaScript code through the media download URL Moderate
CVE-2024-47617 was published for sulu/sulu (Composer) Oct 3, 2024
Cross-site Scripting via uploaded SVG Moderate
CVE-2024-47618 was published for sulu/sulu (Composer) Oct 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database