GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
137,198 advisories
Stored Cross-site Scripting in showdoc
Moderate
CVE-2022-0967 was published for showdoc/showdoc (Composer) Mar 16, 2022

The Simple Download Monitor WordPress plugin before 3.9.5 allows users with a role as low as...
Moderate, Unreviewed
CVE-2021-24692 was published Mar 15, 2022

The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF...
Moderate, Unreviewed
CVE-2021-24958 was published Mar 15, 2022

The Child Theme Generator WordPress plugin through 2.2.7 does not sanitise escape the parade...
Moderate, Unreviewed
CVE-2021-24982 was published Mar 15, 2022

The Patreon WordPress plugin before 1.8.2 does not sanitise and escape the field "Custom Patreon...
Moderate, Unreviewed
CVE-2021-25026 was published Mar 15, 2022

The Cybersoldier WordPress plugin before 1.7.0 does not sanitise and escape the URL settings...
Moderate, Unreviewed
CVE-2021-24895 was published Mar 15, 2022

The HTML5 Responsive FAQ WordPress plugin through 2.8.5 does not properly sanitise and escape...
Moderate, Unreviewed
CVE-2021-24995 was published Mar 15, 2022

The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field ...
Moderate, Unreviewed
CVE-2021-24897 was published Mar 15, 2022

Cross-site Scripting in ShowDoc
Moderate
CVE-2022-0941 was published for showdoc/showdoc (Composer) Mar 15, 2022

The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address'...
Moderate, Unreviewed
CVE-2022-0674 was published Mar 15, 2022

The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings,...
Moderate, Unreviewed
CVE-2022-0684 was published Mar 15, 2022

The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings,...
Moderate, Unreviewed
CVE-2022-0703 was published Mar 15, 2022

Cross-site Scripting in ShowDoc
Moderate
CVE-2022-0938 was published for showdoc/showdoc (Composer) Mar 15, 2022

Cross-site Scripting in ShowDoc
Moderate
CVE-2022-0940 was published for showdoc/showdoc (Composer) Mar 15, 2022

The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and...
Moderate, Unreviewed
CVE-2022-0399 was published Mar 15, 2022

The Flexi WordPress plugin before 4.20 does not sanitise and escape various parameters before...
Moderate, Unreviewed
CVE-2022-0449 was published Mar 15, 2022

The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.2 does not sanitise...
Moderate, Unreviewed
CVE-2022-0503 was published Mar 15, 2022

The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and...
Moderate, Unreviewed
CVE-2022-0601 was published Mar 15, 2022

The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and...
Moderate, Unreviewed
CVE-2022-0648 was published Mar 15, 2022

A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure...
Moderate, Unreviewed
CVE-2022-24385 was published Mar 15, 2022

GPAC 1.0.1 is affected by Use After Free through MP4Box.
Moderate, Unreviewed
CVE-2022-24576 was published Mar 15, 2022

Cross-site Scripting in Pimcore
Moderate
CVE-2022-0893 was published for pimcore/pimcore (Composer) Mar 16, 2022

Cross-site Scripting in ShowDoc
Moderate
CVE-2022-0964 was published for showdoc/showdoc (Composer) Mar 16, 2022

Cross-site Scripting in ShowDoc
Moderate
CVE-2022-0966 was published for showdoc/showdoc (Composer) Mar 16, 2022

ProTip! Advisories are also available from the GraphQL API