GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
104,856 advisories
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based...
Moderate | Unreviewed | CVE-2024-46934 was published Sep 25, 2024
Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to...
Moderate | Unreviewed | CVE-2023-26688 was published Sep 25, 2024
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server...
Moderate | Unreviewed | CVE-2024-38324 was published Sep 25, 2024
The XT Ajax Add To Cart for WooCommerce plugin for WordPress is vulnerable to Reflected Cross...
Moderate | Unreviewed | CVE-2024-8716 was published Sep 24, 2024
The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin plugin for...
Moderate | Unreviewed | CVE-2024-8628 was published Sep 24, 2024
The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to...
Moderate | Unreviewed | CVE-2024-8662 was published Sep 24, 2024
The Seriously Simple Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting...
Moderate | Unreviewed | CVE-2024-8738 was published Sep 24, 2024
The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all...
Moderate | Unreviewed | CVE-2024-8794 was published Sep 24, 2024
An improper restriction of operations within the bounds of a memory buffer in the USB file...
Moderate | Unreviewed | CVE-2024-38269 was published Sep 24, 2024
The Pixel Cat – Conversion Pixel Manager plugin for WordPress is vulnerable to Reflected Cross...
Moderate | Unreviewed | CVE-2024-8544 was published Sep 24, 2024
An improper restriction of operations within the bounds of a memory buffer in the MAC address...
Moderate | Unreviewed | CVE-2024-38268 was published Sep 24, 2024
An improper restriction of operations within the bounds of a memory buffer in the IPv6 address...
Moderate | Unreviewed | CVE-2024-38267 was published Sep 24, 2024
The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is...
Moderate | Unreviewed | CVE-2024-8432 was published Sep 24, 2024
An improper restriction of operations within the bounds of a memory buffer in the parameter type...
Moderate | Unreviewed | CVE-2024-38266 was published Sep 24, 2024
The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate | Unreviewed | CVE-2024-8657 was published Sep 24, 2024
Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote...
Moderate | Unreviewed | CVE-2024-7020 was published Sep 24, 2024
Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote...
Moderate | Unreviewed | CVE-2024-7019 was published Sep 24, 2024
Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a...
Moderate | Unreviewed | CVE-2023-7281 was published Sep 24, 2024
Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a...
Moderate | Unreviewed | CVE-2023-7282 was published Sep 24, 2024
An improper privilege management vulnerability allowed arbitrary workflows to be committed using...
Moderate | Unreviewed | CVE-2024-8263 was published Sep 23, 2024
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to...
Moderate | Unreviewed | CVE-2024-39843 was published Sep 23, 2024
Ubiquiti AirMax firmware version 8 allows attackers with physical access to gain...
Moderate | Unreviewed | CVE-2024-44540 was published Sep 23, 2024
A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of...
Moderate | Unreviewed | CVE-2024-8770 was published Sep 23, 2024
WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution...
Moderate | Unreviewed | CVE-2024-37779 was published Sep 23, 2024
Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2,...
Moderate | Unreviewed | CVE-2024-39342 was published Sep 23, 2024
ProTip! Advisories are also available from the GraphQL API.