GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
108,886 advisories
The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all... | Moderate | Unreviewed | CVE-2024-4874 was published Jun 22, 2024
Arbitrary File Creation in opencart | Moderate | CVE-2024-21519 was published for opencart/opencart (Composer) Jun 22, 2024
Cross site scripting in opencart | Moderate | CVE-2024-21516 was published for opencart/opencart (Composer) Jun 22, 2024
Cross site scripting in opencart | Moderate | CVE-2024-21515 was published for opencart/opencart (Composer) Jun 22, 2024
Cross site scripting in opencart | Moderate | CVE-2024-21517 was published for opencart/opencart (Composer) Jun 22, 2024
The Grey Opaque theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’... | Moderate | Unreviewed | CVE-2024-5966 was published Jun 22, 2024
The Mosaic theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’... | Moderate | Unreviewed | CVE-2024-5965 was published Jun 22, 2024
The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the UX... | Moderate | Unreviewed | CVE-2024-5346 was published Jun 22, 2024
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... | Moderate | Unreviewed | CVE-2024-2484 was published Jun 22, 2024
The Table Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting... | Moderate | Unreviewed | CVE-2024-4313 was published Jun 22, 2024
The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and... | Moderate | Unreviewed | CVE-2024-6120 was published Jun 22, 2024
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a... | Moderate | Unreviewed | CVE-2024-37675 was published Jun 21, 2024
A vulnerability was found in Pear Admin Boot up to 2.0.2 and classified as critical. This issue... | Moderate | Unreviewed | CVE-2024-6241 was published Jun 21, 2024
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a... | Moderate | Unreviewed | CVE-2024-37673 was published Jun 21, 2024
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a... | Moderate | Unreviewed | CVE-2024-37672 was published Jun 21, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... | Moderate | Unreviewed | CVE-2024-35781 was published Jun 21, 2024
Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing... | Moderate | Unreviewed | CVE-2022-44587 was published Jun 21, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... | Moderate | Unreviewed | CVE-2024-35778 was published Jun 21, 2024
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a... | Moderate | Unreviewed | CVE-2024-37671 was published Jun 21, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... | Moderate | Unreviewed | CVE-2022-38055 was published Jun 21, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... | Moderate | Unreviewed | CVE-2024-35761 was published Jun 21, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... | Moderate | Unreviewed | CVE-2024-35763 was published Jun 21, 2024
Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Hueman. This issue affects... | Moderate | Unreviewed | CVE-2024-35772 was published Jun 21, 2024
Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg... | Moderate | Unreviewed | CVE-2022-45803 was published Jun 21, 2024
ProTip! Advisories are also available from the GraphQL API.