GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,992
Erlang: 29
GitHub Actions: 16
Go: 1,782
Maven: 5,000+
npm: 3,544
NuGet: 619
pip: 3,134
Pub: 10
RubyGems: 838
Rust: 795
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
101,583 advisories
A local administrator could prevent the HMPA service from starting despite tamper protection...
Moderate | Unreviewed | CVE-2021-25269 was published Nov 27, 2021
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating...
Moderate | Unreviewed | CVE-2021-36843 was published Nov 27, 2021
Stored cross-site scripting (XSS) was possible in protection plan details. The following products...
Moderate | Unreviewed | CVE-2021-44203 was published Nov 30, 2021
Cross-site scripting (XSS) was possible in notification pop-ups. The following products are...
Moderate | Unreviewed | CVE-2021-44201 was published Nov 30, 2021
Self cross-site scripting (XSS) was possible on devices page. The following products are affected...
Moderate | Unreviewed | CVE-2021-44200 was published Nov 30, 2021
Stored cross-site scripting (XSS) was possible in activity details. The following products are...
Moderate | Unreviewed | CVE-2021-44202 was published Nov 30, 2021
DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber...
Moderate | Unreviewed | CVE-2021-44199 was published Nov 30, 2021
The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to...
Moderate | Unreviewed | CVE-2021-42365 was published Nov 30, 2021
An unspecified version of Workerman-ThinkPHP-Redis is affected by a Cross Site Scripting (XSS)...
Moderate | Unreviewed | CVE-2021-43697 was published Nov 30, 2021
A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image...
Moderate | Unreviewed | CVE-2021-3802 was published Nov 30, 2021
The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and escape any of its Labels...
Moderate | Unreviewed | CVE-2021-24899 was published Nov 30, 2021
An unspecified version of phpWhois is affected by a Cross Site Scripting (XSS) vulnerability. In...
Moderate | Unreviewed | CVE-2021-43698 was published Nov 30, 2021
Some Huawei products use the OpenHpi software for hardware management. A function that parses...
Moderate | Unreviewed | CVE-2021-39995 was published Nov 30, 2021
The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or...
Moderate | Unreviewed | CVE-2021-24918 was published Nov 30, 2021
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which...
Moderate | Unreviewed | CVE-2021-24842 was published Nov 30, 2021
An unspecified version of youtube-php-mirroring is affected by a Cross Site Scripting (XSS)...
Moderate | Unreviewed | CVE-2021-43692 was published Nov 30, 2021
An unspecified version of twmap is affected by a Cross Site Scripting (XSS) vulnerability. In...
Moderate | Unreviewed | CVE-2021-43696 was published Nov 30, 2021
The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback...
Moderate | Unreviewed | CVE-2021-24927 was published Nov 30, 2021
An unspecified version of issabelPBX is affected by a Cross Site Scripting (XSS) vulnerability....
Moderate | Unreviewed | CVE-2021-43695 was published Nov 30, 2021
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v...
Moderate | Unreviewed | CVE-2021-24876 was published Nov 30, 2021
The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text...
Moderate | Unreviewed | CVE-2021-24883 was published Nov 30, 2021
The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before...
Moderate | Unreviewed | CVE-2021-24908 was published Nov 30, 2021
The URL Shortify WordPress plugin before 1.5.1 does not have CSRF check in place when bulk...
Moderate | Unreviewed | CVE-2021-24749 was published Nov 30, 2021
The myCred WordPress plugin before 1.7.8 does not sanitise and escape the user parameter before...
Moderate | Unreviewed | CVE-2017-20008 was published Nov 30, 2021
The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social...
Moderate | Unreviewed | CVE-2021-24745 was published Nov 30, 2021
ProTip! Advisories are also available from the GraphQL API.