GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 37
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,128
NuGet: 735
pip: 3,944
Pub: 12
RubyGems: 945
Rust: 1,024
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
37,012 advisories
The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider...
Moderate
Unreviewed
CVE-2024-3288 was published Jun 7, 2024
The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings,...
Moderate
Unreviewed
CVE-2024-4756 was published Jun 7, 2024
The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2024-5612 was published Jun 7, 2024
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo...
Moderate
Unreviewed
CVE-2024-4042 was published Jun 7, 2024
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo...
Moderate
Unreviewed
CVE-2024-1988 was published Jun 7, 2024
The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate
Unreviewed
CVE-2024-5425 was published Jun 7, 2024
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
Moderate
Unreviewed
CVE-2024-37383 was published Jun 7, 2024
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user...
Moderate
Unreviewed
CVE-2024-37384 was published Jun 7, 2024
The Clever Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's...
Moderate
Unreviewed
CVE-2024-1768 was published Jun 7, 2024
The WP Mobile Menu – The Mobile-Friendly Responsive Menu plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-3987 was published Jun 7, 2024
The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability....
High
Unreviewed
CVE-2023-37539 was published Jun 7, 2024
A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute...
Moderate
Unreviewed
CVE-2024-36775 was published Jun 7, 2024
TokenController formName not sanitized in hidden input
Moderate
CVE-2024-37156 was published for sulu/form-bundle (Composer) Jun 6, 2024
Withdrawn Advisory: lunary-ai/lunary XSS in SAML metadata endpoint
High
CVE-2024-5478 was published for lunary (npm) Jun 6, 2024 • withdrawn
A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both...
Low
Unreviewed
CVE-2024-3166 was published Jun 6, 2024
A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao...
Moderate
Unreviewed
CVE-2024-3402 was published Jun 6, 2024
A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm...
High
Unreviewed
CVE-2024-3110 was published Jun 6, 2024
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate
Unreviewed
CVE-2024-5038 was published Jun 6, 2024
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce...
Moderate
Unreviewed
CVE-2024-5188 was published Jun 6, 2024
Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists...
Moderate
Unreviewed
CVE-2024-5673 was published Jun 6, 2024
The MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution plugin for WordPress...
Moderate
Unreviewed
CVE-2024-5259 was published Jun 6, 2024
The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's...
Moderate
Unreviewed
CVE-2024-5221 was published Jun 6, 2024
The Google CSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin...
Moderate
Unreviewed
CVE-2024-5656 was published Jun 6, 2024
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate
Unreviewed
CVE-2024-4364 was published Jun 6, 2024
ProTip! Advisories are also available from the GraphQL API