Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,956
Erlang
29
GitHub Actions
16
Go
1,740
Maven
4,967
npm
3,507
NuGet
609
pip
3,064
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

108,612 advisories

Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager.This issue affects... Moderate Unreviewed
CVE-2023-47681 was published Jun 19, 2024
The WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For... Moderate Unreviewed
CVE-2024-4632 was published Jun 19, 2024
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-3894 was published Jun 19, 2024
The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed
CVE-2023-6495 was published Jun 19, 2024
The WP Maintenance plugin for WordPress is vulnerable to IP Address Spoofing in all versions up... Moderate Unreviewed
CVE-2024-0789 was published Jun 19, 2024
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2024-0383 was published Jun 19, 2024
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin... Moderate Unreviewed
CVE-2024-1407 was published Jun 19, 2024
The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site... Moderate Unreviewed
CVE-2024-4663 was published Jun 19, 2024
The Blogmentor – Blog Layouts for Elementor plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed
CVE-2024-4623 was published Jun 19, 2024
The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending... Moderate Unreviewed
CVE-2024-4787 was published Jun 19, 2024
The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed
CVE-2023-6692 was published Jun 19, 2024
The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all... Moderate Unreviewed
CVE-2024-4873 was published Jun 19, 2024
The Universal Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions... Moderate Unreviewed
CVE-2024-5649 was published Jun 19, 2024
The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized... Moderate Unreviewed
CVE-2024-5768 was published Jun 19, 2024
An uncontrolled resource consumption vulnerability exists in the `upload-link` endpoint of... Moderate Unreviewed
CVE-2024-5208 was published Jun 19, 2024
The EmbedSocial – Social Media Feeds, Reviews and Galleries plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-3984 was published Jun 19, 2024
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized... Moderate Unreviewed
CVE-2024-4450 was published Jun 19, 2024
The Custom Product List Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2024-4541 was published Jun 19, 2024
The MaxGalleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin... Moderate Unreviewed
CVE-2024-5970 was published Jun 19, 2024
curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub` Moderate
GHSA-x4gp-pqpj-f43q was published for curve25519-dalek (Rust) Jun 18, 2024
A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This... Moderate Unreviewed
CVE-2024-6128 was published Jun 18, 2024
Moodle CSRF risks due to misuse of confirm_sesskey Moderate
CVE-2024-38276 was published for moodle/moodle (Composer) Jun 18, 2024
Moodle HTTP authorization header is preserved between "emulated redirects" Moderate
CVE-2024-38275 was published for moodle/moodle (Composer) Jun 18, 2024
Moodle BigBlueButton web service leaks meeting joining information Moderate
CVE-2024-38273 was published for moodle/moodle (Composer) Jun 18, 2024
Moodle uses the same key for QR login and auto-login Moderate
CVE-2024-38277 was published for moodle/moodle (Composer) Jun 18, 2024
ProTip! Advisories are also available from the GraphQL API