GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
26,385 advisories
Filter by severity
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7...
Moderate
Unreviewed
CVE-2024-5447
was published
Jun 21, 2024
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7...
Moderate
Unreviewed
CVE-2024-5448
was published
Jun 21, 2024
The Google CSE WordPress plugin through 1.0.7 does not sanitise and escape some of its settings,...
Moderate
Unreviewed
CVE-2024-4755
was published
Jun 21, 2024
The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and escape some of its log data...
Moderate
Unreviewed
CVE-2024-4477
was published
Jun 21, 2024
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified...
Moderate
Unreviewed
CVE-2024-6212
was published
Jun 21, 2024
There is a cross-site
scripting vulnerability in the management UI of Absolute Secure Access...
Moderate
Unreviewed
CVE-2024-37348
was published
Jun 20, 2024
There is a cross-site scripting vulnerability in the Secure
Access administrative UI of Absolute...
Moderate
Unreviewed
CVE-2024-37345
was published
Jun 20, 2024
There is a cross-site scripting vulnerability in the
management UI of Absolute Secure Access...
Moderate
Unreviewed
CVE-2024-37351
was published
Jun 20, 2024
There is a cross-site scripting vulnerability in the
management UI of Absolute Secure Access...
Moderate
Unreviewed
CVE-2024-37349
was published
Jun 20, 2024
There is a cross-site scripting vulnerability in the policy
management UI of Absolute Secure...
Moderate
Unreviewed
CVE-2024-37350
was published
Jun 20, 2024
There is a cross-site scripting vulnerability in the pool
configuration component of the...
Moderate
Unreviewed
CVE-2024-37347
was published
Jun 20, 2024
There is a cross-site scripting vulnerability in the
management UI of Absolute Secure Access...
Moderate
Unreviewed
CVE-2024-37352
was published
Jun 20, 2024
There is a cross-site scripting vulnerability in the Policy
management UI of Absolute Secure...
Moderate
Unreviewed
CVE-2024-37344
was published
Jun 20, 2024
There is a cross-site scripting vulnerability in the Secure
Access administrative console of...
Moderate
Unreviewed
CVE-2024-37343
was published
Jun 20, 2024
For Kiuwan installations with SSO (single sign-on) enabled, an
unauthenticated reflected cross...
Unknown
Unreviewed
CVE-2023-49111
was published
Jun 20, 2024
A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This...
Moderate
Unreviewed
CVE-2024-6181
was published
Jun 20, 2024
A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue...
Moderate
Unreviewed
CVE-2024-6182
was published
Jun 20, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-6177
was published
Jun 20, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-6178
was published
Jun 20, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-6179
was published
Jun 20, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-34443
was published
Jun 19, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Moderate
CVE-2024-38356
was published
for
TinyMCE
(Composer)
Jun 19, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Moderate
CVE-2024-38357
was published
for
TinyMCE
(Composer)
Jun 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-35765
was published
Jun 19, 2024
Moodle stored XSS via calendar's event title when deleting the event
Moderate
CVE-2024-38274
was published
for
moodle/moodle
(Composer)
Jun 18, 2024
ProTip!
Advisories are also available from the
GraphQL API