Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

249,633 advisories

Loading
The WP Cleanup and Basic Functions plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-9455 was published Oct 5, 2024
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to... Moderate Unreviewed
CVE-2024-9385 was published Oct 5, 2024
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin... Moderate Unreviewed
CVE-2024-9528 was published Oct 5, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-47847 was published Oct 5, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-47849 was published Oct 5, 2024
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS... Moderate Unreviewed
CVE-2024-47845 was published Oct 5, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-47840 was published Oct 5, 2024
An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41... Unknown Unreviewed
CVE-2024-47913 was published Oct 5, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia... Moderate Unreviewed
CVE-2024-47848 was published Oct 5, 2024
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote... Unknown Unreviewed
CVE-2024-37868 was published Oct 4, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Moderate Unreviewed
CVE-2024-7801 was published Oct 4, 2024
In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the... Moderate Unreviewed
CVE-2024-47911 was published Oct 4, 2024
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote... Unknown Unreviewed
CVE-2024-37869 was published Oct 4, 2024
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),... High Unreviewed
CVE-2024-9054 was published Oct 4, 2024
An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A... Unknown Unreviewed
CVE-2024-47910 was published Oct 4, 2024
TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a... Unknown Unreviewed
CVE-2023-26770 was published Oct 4, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2024-43686 was published Oct 4, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2024-43687 was published Oct 4, 2024
Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the... Unknown Unreviewed
CVE-2023-26771 was published Oct 4, 2024
Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows... High Unreviewed
CVE-2024-43685 was published Oct 4, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site... High Unreviewed
CVE-2024-43684 was published Oct 4, 2024
itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to Cross Site... Unknown Unreviewed
CVE-2024-46077 was published Oct 4, 2024
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100... High Unreviewed
CVE-2024-43683 was published Oct 4, 2024
itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function... Unknown Unreviewed
CVE-2024-46078 was published Oct 4, 2024
cookie accepts cookie name, path, and domain with out of bounds characters Low
CVE-2024-47764 was published for cookie (npm) Oct 4, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database