GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
111,589 advisories
Cross-Site Request Forgery (CSRF) vulnerability in Elevio Elevio allows Stored XSS. This issue...
High | Unreviewed | CVE-2025-22328 was published Jan 7, 2025
Cross-Site Request Forgery (CSRF) vulnerability in WordPress 智库 Wizhi Multi Filters by Wenprise...
High | Unreviewed | CVE-2025-22336 was published Jan 7, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Jens Törnell WP Simple Sitemap allows Stored...
High | Unreviewed | CVE-2025-22342 was published Jan 7, 2025
Cross-Site Request Forgery (CSRF) vulnerability in BannerSky.com BSK Forms Blacklist allows Blind...
High | Unreviewed | CVE-2025-22347 was published Jan 7, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Dennis Koot wpSOL allows Stored XSS. This issue...
High | Unreviewed | CVE-2025-22343 was published Jan 7, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2024-56289 was published Jan 7, 2025
Incorrect Privilege Assignment vulnerability in Amento Tech Pvt ltd WPGuppy allows Privilege...
High | Unreviewed | CVE-2024-56280 was published Jan 7, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High | Unreviewed | CVE-2024-56281 was published Jan 7, 2025
Deserialization of Untrusted Data vulnerability in plainware.com Locatoraid Store Locator allows...
High | Unreviewed | CVE-2024-56283 was published Jan 7, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High | Unreviewed | CVE-2024-56282 was published Jan 7, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High | Unreviewed | CVE-2024-56286 was published Jan 7, 2025
Deserialization of Untrusted Data vulnerability in plainware.com PlainInventory allows Object...
High | Unreviewed | CVE-2024-56291 was published Jan 7, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2024-56296 was published Jan 7, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2024-56299 was published Jan 7, 2025
Insertion of Sensitive Information Into Sent Data vulnerability in WPSpins Post/Page Copying Tool...
High | Unreviewed | CVE-2024-56300 was published Jan 7, 2025
Incorrect Privilege Assignment vulnerability in AllAccessible Team Accessibility by AllAccessible...
High | Unreviewed | CVE-2024-49644 was published Jan 7, 2025
Path Traversal vulnerability in SMSA Express SMSA Shipping allows Path Traversal. This issue...
High | Unreviewed | CVE-2024-49249 was published Jan 7, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2024-51700 was published Jan 7, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-51715 was published Jan 7, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2024-49633 was published Jan 7, 2025
The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all...
High | Unreviewed | CVE-2024-12152 was published Jan 7, 2025
in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the device is unable to...
High | Unreviewed | CVE-2024-47398 was published Jan 7, 2025
The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can...
High | Unreviewed | CVE-2024-12202 was published Jan 7, 2025
Improper Neutralization of Input During CMS Backend (administrative section) Web Page Generation...
High | Unreviewed | CVE-2024-11626 was published Jan 7, 2025
Information Exposure Through an Error Message vulnerability in Progress Software Corporation...
High | Unreviewed | CVE-2024-11625 was published Jan 7, 2025
ProTip! Advisories are also available from the GraphQL API.