Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

108,886 advisories

Loading
Open redirect in gradio Moderate
CVE-2024-4940 was published for gradio (pip) Jun 22, 2024
The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all... Moderate Unreviewed
CVE-2024-4874 was published Jun 22, 2024
Arbitrary File Creation in opencart Moderate
CVE-2024-21519 was published for opencart/opencart (Composer) Jun 22, 2024
Cross site scripting in opencart Moderate
CVE-2024-21516 was published for opencart/opencart (Composer) Jun 22, 2024
Cross site scripting in opencart Moderate
CVE-2024-21515 was published for opencart/opencart (Composer) Jun 22, 2024
Cross site scripting in opencart Moderate
CVE-2024-21517 was published for opencart/opencart (Composer) Jun 22, 2024
The Grey Opaque theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’... Moderate Unreviewed
CVE-2024-5966 was published Jun 22, 2024
The Mosaic theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’... Moderate Unreviewed
CVE-2024-5965 was published Jun 22, 2024
The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the UX... Moderate Unreviewed
CVE-2024-5346 was published Jun 22, 2024
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2024-2484 was published Jun 22, 2024
The Table Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2024-4313 was published Jun 22, 2024
The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and... Moderate Unreviewed
CVE-2024-6120 was published Jun 22, 2024
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a... Moderate Unreviewed
CVE-2024-37675 was published Jun 21, 2024
A vulnerability was found in Pear Admin Boot up to 2.0.2 and classified as critical. This issue... Moderate Unreviewed
CVE-2024-6241 was published Jun 21, 2024
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a... Moderate Unreviewed
CVE-2024-37673 was published Jun 21, 2024
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a... Moderate Unreviewed
CVE-2024-37672 was published Jun 21, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Moderate Unreviewed
CVE-2024-35781 was published Jun 21, 2024
Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing... Moderate Unreviewed
CVE-2022-44587 was published Jun 21, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Moderate Unreviewed
CVE-2024-35778 was published Jun 21, 2024
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a... Moderate Unreviewed
CVE-2024-37671 was published Jun 21, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2022-38055 was published Jun 21, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-35761 was published Jun 21, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-35763 was published Jun 21, 2024
Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Hueman.This issue affects... Moderate Unreviewed
CVE-2024-35772 was published Jun 21, 2024
Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg... Moderate Unreviewed
CVE-2022-45803 was published Jun 21, 2024
ProTip! Advisories are also available from the GraphQL API