GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,956
Erlang: 29
GitHub Actions: 16
Go: 1,740
Maven: 4,967
npm: 3,507
NuGet: 609
pip: 3,064
Pub: 10
RubyGems: 832
Rust: 780
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
108,612 advisories
Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager. This issue affects...
Moderate | Unreviewed | CVE-2023-47681 was published Jun 19, 2024
The WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For...
Moderate | Unreviewed | CVE-2024-4632 was published Jun 19, 2024
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2024-3894 was published Jun 19, 2024
The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross...
Moderate | Unreviewed | CVE-2023-6495 was published Jun 19, 2024
The WP Maintenance plugin for WordPress is vulnerable to IP Address Spoofing in all versions up...
Moderate | Unreviewed | CVE-2024-0789 was published Jun 19, 2024
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2024-0383 was published Jun 19, 2024
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin...
Moderate | Unreviewed | CVE-2024-1407 was published Jun 19, 2024
The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site...
Moderate | Unreviewed | CVE-2024-4663 was published Jun 19, 2024
The Blogmentor – Blog Layouts for Elementor plugin for WordPress is vulnerable to Stored Cross...
Moderate | Unreviewed | CVE-2024-4623 was published Jun 19, 2024
The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending...
Moderate | Unreviewed | CVE-2024-4787 was published Jun 19, 2024
The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross...
Moderate | Unreviewed | CVE-2023-6692 was published Jun 19, 2024
The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all...
Moderate | Unreviewed | CVE-2024-4873 was published Jun 19, 2024
The Universal Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions...
Moderate | Unreviewed | CVE-2024-5649 was published Jun 19, 2024
The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized...
Moderate | Unreviewed | CVE-2024-5768 was published Jun 19, 2024
An uncontrolled resource consumption vulnerability exists in the `upload-link` endpoint of...
Moderate | Unreviewed | CVE-2024-5208 was published Jun 19, 2024
The EmbedSocial – Social Media Feeds, Reviews and Galleries plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2024-3984 was published Jun 19, 2024
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized...
Moderate | Unreviewed | CVE-2024-4450 was published Jun 19, 2024
The Custom Product List Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate | Unreviewed | CVE-2024-4541 was published Jun 19, 2024
The MaxGalleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin...
Moderate | Unreviewed | CVE-2024-5970 was published Jun 19, 2024
curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Moderate | GHSA-x4gp-pqpj-f43q was published for curve25519-dalek (Rust) Jun 18, 2024
A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This...
Moderate | Unreviewed | CVE-2024-6128 was published Jun 18, 2024
Moodle CSRF risks due to misuse of confirm_sesskey
Moderate | CVE-2024-38276 was published for moodle/moodle (Composer) Jun 18, 2024
Moodle HTTP authorization header is preserved between "emulated redirects"
Moderate | CVE-2024-38275 was published for moodle/moodle (Composer) Jun 18, 2024
Moodle BigBlueButton web service leaks meeting joining information
Moderate | CVE-2024-38273 was published for moodle/moodle (Composer) Jun 18, 2024
Moodle uses the same key for QR login and auto-login
Moderate | CVE-2024-38277 was published for moodle/moodle (Composer) Jun 18, 2024
ProTip! Advisories are also available from the GraphQL API.