GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,198
Composer 4,096
Erlang 29
GitHub Actions 19
Go 1,925
Maven 5,116
npm 3,654
NuGet 638
pip 3,263
Pub 10
RubyGems 873
Rust 823
Swift 35

Unreviewed advisories

All unreviewed 229,311

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

22,582 advisories

Filter by severity

Sort by

Least recently updated

The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable... Moderate Unreviewed

CVE-2024-8499 was published Oct 4, 2024

The Daily Prayer Time WordPress plugin before 2021.08.10 does not sanitise or escape some of its... Moderate Unreviewed

CVE-2021-24523 was published May 24, 2022

The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads... Moderate Unreviewed

CVE-2024-9271 was published Oct 4, 2024

The Easy Demo Importer – A Modern One-Click Demo Import Solution plugin for WordPress is... Moderate Unreviewed

CVE-2024-9071 was published Oct 4, 2024

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2024-9306 was published Oct 4, 2024

The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected... Moderate Unreviewed

CVE-2024-9435 was published Oct 4, 2024

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction &... Moderate Unreviewed

CVE-2024-8519 was published Oct 4, 2024

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2024-9349 was published Oct 4, 2024

The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site... Moderate Unreviewed

CVE-2024-9204 was published Oct 4, 2024

The WP Blocks Hub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File... Moderate Unreviewed

CVE-2024-9372 was published Oct 4, 2024

The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to... Moderate Unreviewed

CVE-2024-9353 was published Oct 4, 2024

The Aggregator Advanced Settings plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2024-9368 was published Oct 4, 2024

The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected... Moderate Unreviewed

CVE-2024-9345 was published Oct 4, 2024

The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's... Moderate Unreviewed

CVE-2024-8804 was published Oct 4, 2024

The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable... Moderate Unreviewed

CVE-2024-9384 was published Oct 4, 2024

The Fish and Ships – Most flexible shipping table rate. A WooCommerce shipping rate plugin for... Moderate Unreviewed

CVE-2024-9237 was published Oct 4, 2024

The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2024-9445 was published Oct 4, 2024

The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected... Moderate Unreviewed

CVE-2024-9375 was published Oct 4, 2024

The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2024-9242 was published Oct 4, 2024

The Login Logout Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2024-9421 was published Oct 4, 2024

The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use... Moderate Unreviewed

CVE-2024-8802 was published Oct 4, 2024

DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users,... Moderate Unreviewed

CVE-2024-41584 was published Oct 3, 2024

DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by... Moderate Unreviewed

CVE-2024-41583 was published Oct 3, 2024

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag... Moderate Unreviewed

CVE-2024-6739 was published Jul 15, 2024

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual... Moderate Unreviewed

CVE-2024-36359 was published Jun 11, 2024

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

22,582 advisories