GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,972
Erlang: 29
GitHub Actions: 16
Go: 1,762
Maven: 4,983
npm: 3,518
NuGet: 609
pip: 3,094
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
100,773 advisories
Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users...
Moderate · Unreviewed · CVE-2024-6052 was published Jul 3, 2024
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including...
Moderate · Unreviewed · CVE-2024-3800 was published Jul 3, 2024
Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a...
Moderate · Unreviewed · CVE-2024-5737 was published Jul 3, 2024
OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture.
Moderate · Unreviewed · CVE-2024-37741 was published Jul 3, 2024
A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels...
Moderate · Unreviewed · CVE-2024-6471 was published Jul 3, 2024
A vulnerability was found in playSMS 1.4.3. It has been rated as problematic. Affected by this...
Moderate · Unreviewed · CVE-2024-6470 was published Jul 3, 2024
A vulnerability was found in playSMS 1.4.3. It has been declared as problematic. Affected by this...
Moderate · Unreviewed · CVE-2024-6469 was published Jul 3, 2024
Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of...
Moderate · Unreviewed · CVE-2024-39133 was published Jun 27, 2024
Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2, 9.5.x <= 9.5.5 fail to prevent...
Moderate · Unreviewed · CVE-2024-6428 was published Jul 3, 2024
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component ...
Moderate · Unreviewed · CVE-2024-39153 was published Jun 27, 2024
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate · Unreviewed · CVE-2024-6340 was published Jul 3, 2024
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu,...
Moderate · Unreviewed · CVE-2024-4482 was published Jul 3, 2024
The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate · Unreviewed · CVE-2024-6263 was published Jul 3, 2024
The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings,...
Moderate · Unreviewed · CVE-2024-2234 was published Jul 3, 2024
The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider...
Moderate · Unreviewed · CVE-2024-2375 was published Jul 3, 2024
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could...
Moderate · Unreviewed · CVE-2024-2235 was published Jul 3, 2024
The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its...
Moderate · Unreviewed · CVE-2024-4959 was published Jun 26, 2024
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could...
Moderate · Unreviewed · CVE-2024-2233 was published Jul 3, 2024
The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate · Unreviewed · CVE-2024-4543 was published Jul 3, 2024
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could...
Moderate · Unreviewed · CVE-2024-2040 was published Jul 3, 2024
Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to...
Moderate · Unreviewed · CVE-2024-22103 was published Jul 2, 2024
A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low...
Moderate · Unreviewed · CVE-2024-39143 was published Jul 2, 2024
The Easy Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate · Unreviewed · CVE-2024-5219 was published Jul 2, 2024
The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its...
Moderate · Unreviewed · CVE-2024-4627 was published Jul 2, 2024
The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to...
Moderate · Unreviewed · CVE-2024-5419 was published Jul 2, 2024
ProTip! Advisories are also available from the GraphQL API.