GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
28,057 advisories
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
CVE-2024-9306 (Moderate, Unreviewed) was published Oct 4, 2024

The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected...
CVE-2024-9435 (Moderate, Unreviewed) was published Oct 4, 2024

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction &...
CVE-2024-8519 (Moderate, Unreviewed) was published Oct 4, 2024

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to...
CVE-2024-9349 (Moderate, Unreviewed) was published Oct 4, 2024

The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site...
CVE-2024-9204 (Moderate, Unreviewed) was published Oct 4, 2024

The WP Blocks Hub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File...
CVE-2024-9372 (Moderate, Unreviewed) was published Oct 4, 2024

The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to...
CVE-2024-9353 (Moderate, Unreviewed) was published Oct 4, 2024

The Aggregator Advanced Settings plugin for WordPress is vulnerable to Stored Cross-Site...
CVE-2024-9368 (Moderate, Unreviewed) was published Oct 4, 2024

The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected...
CVE-2024-9345 (Moderate, Unreviewed) was published Oct 4, 2024

The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's...
CVE-2024-8804 (Moderate, Unreviewed) was published Oct 4, 2024

The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable...
CVE-2024-9384 (Moderate, Unreviewed) was published Oct 4, 2024

The Fish and Ships – Most flexible shipping table rate. A WooCommerce shipping rate plugin for...
CVE-2024-9237 (Moderate, Unreviewed) was published Oct 4, 2024

The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
CVE-2024-9445 (Moderate, Unreviewed) was published Oct 4, 2024

The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected...
CVE-2024-9375 (Moderate, Unreviewed) was published Oct 4, 2024

The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site...
CVE-2024-9242 (Moderate, Unreviewed) was published Oct 4, 2024

The Login Logout Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
CVE-2024-9421 (Moderate, Unreviewed) was published Oct 4, 2024

The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use...
CVE-2024-8802 (Moderate, Unreviewed) was published Oct 4, 2024

DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users,...
CVE-2024-41584 (Moderate, Unreviewed) was published Oct 3, 2024

DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by...
CVE-2024-41583 (Moderate, Unreviewed) was published Oct 3, 2024

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag...
CVE-2024-6739 (Moderate, Unreviewed) was published Jul 15, 2024

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual...
CVE-2024-36359 (Moderate, Unreviewed) was published Jun 11, 2024

The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block...
CVE-2024-8536 (Moderate, Unreviewed) was published Sep 30, 2024

The “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7...
CVE-2021-24261 (Moderate, Unreviewed) was published May 24, 2022

Injection of arbitrary HTML/JavaScript code through the media download URL
CVE-2024-47617 (Moderate) was published for sulu/sulu (Composer) Oct 3, 2024

Cross-site Scripting via uploaded SVG
CVE-2024-47618 (Moderate) was published for sulu/sulu (Composer) Oct 3, 2024