Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,653
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,938
npm
3,471
NuGet
603
pip
2,985
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+

107,349 advisories

The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed
CVE-2024-4700 was published May 21, 2024
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2024-4361 was published May 21, 2024
The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for... Moderate Unreviewed
CVE-2024-3268 was published May 21, 2024
The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2024-4695 was published May 21, 2024
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2024-4619 was published May 21, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Moderate Unreviewed
CVE-2023-3938 was published May 21, 2024
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed
CVE-2024-4553 was published May 21, 2024
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized... Moderate Unreviewed
CVE-2024-4875 was published May 21, 2024
The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's... Moderate Unreviewed
CVE-2024-3345 was published May 21, 2024
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed
CVE-2024-4470 was published May 21, 2024
The UberMenu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's... Moderate Unreviewed
CVE-2024-4710 was published May 21, 2024
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2024-4943 was published May 21, 2024
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo... Moderate Unreviewed
CVE-2024-3155 was published May 21, 2024
The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow... Moderate Unreviewed
CVE-2024-0816 was published May 21, 2024
The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50... Moderate Unreviewed
CVE-2023-37929 was published May 21, 2024
A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as... Moderate Unreviewed
CVE-2024-5145 was published May 21, 2024
github.com/cosmos/ibc-go affected by IBC protocol "Huckleberry" vulnerability Moderate
GHSA-qjcv-rx3v-7mvj was published for github.com/cosmos/ibc-go (Go) May 20, 2024
Stacklok Minder vulnerable to denial of service from maliciously crafted templates Moderate
CVE-2024-35194 was published for github.com/stacklok/minder (Go) May 20, 2024
AdamKorcz DavidKorczynski
Trivy possibly leaks registry credential when scanning images from malicious registries Moderate
CVE-2024-35192 was published for github.com/aquasecurity/trivy (Go) May 20, 2024
lyoung-confluent
verbb/formie Server-Side Template Injection for variable-enabled settings Moderate
CVE-2024-35191 was published for verbb/formie (Composer) May 20, 2024
xcapri
Requests `Session` object does not verify requests after making first request with verify=False Moderate
CVE-2024-35195 was published for requests (pip) May 20, 2024
mikeassel sigmavirus24
nateprewitt
AVideo cross-site scripting vulnerability in the view/about.php page Moderate
CVE-2024-34899 was published for wwbn/avideo (Composer) May 20, 2024
MiguelCastillo @bit/loader Prototype Pollution issue Moderate
CVE-2024-24293 was published for @bit/loader (npm) May 20, 2024
Blackprint @blackprint/engine Prototype Pollution issue Moderate
CVE-2024-24294 was published for @blackprint/engine (npm) May 20, 2024
Pusher Service Channel Authentication Bypass Moderate
GHSA-7v7m-pcw5-h3cg was published for pusher/pusher-php-server (Composer) May 20, 2024
ProTip! Advisories are also available from the GraphQL API