GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,653
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,938
npm
3,471
NuGet
603
pip
2,985
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+
107,349 advisories
Filter by severity
The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross...
Moderate
Unreviewed
CVE-2024-4700
was published
May 21, 2024
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate
Unreviewed
CVE-2024-4361
was published
May 21, 2024
The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for...
Moderate
Unreviewed
CVE-2024-3268
was published
May 21, 2024
The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate
Unreviewed
CVE-2024-4695
was published
May 21, 2024
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable...
Moderate
Unreviewed
CVE-2024-4619
was published
May 21, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL
Injection')...
Moderate
Unreviewed
CVE-2023-3938
was published
May 21, 2024
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross...
Moderate
Unreviewed
CVE-2024-4553
was published
May 21, 2024
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized...
Moderate
Unreviewed
CVE-2024-4875
was published
May 21, 2024
The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's...
Moderate
Unreviewed
CVE-2024-3345
was published
May 21, 2024
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross...
Moderate
Unreviewed
CVE-2024-4470
was published
May 21, 2024
The UberMenu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's...
Moderate
Unreviewed
CVE-2024-4710
was published
May 21, 2024
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate
Unreviewed
CVE-2024-4943
was published
May 21, 2024
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo...
Moderate
Unreviewed
CVE-2024-3155
was published
May 21, 2024
The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow...
Moderate
Unreviewed
CVE-2024-0816
was published
May 21, 2024
The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50...
Moderate
Unreviewed
CVE-2023-37929
was published
May 21, 2024
A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as...
Moderate
Unreviewed
CVE-2024-5145
was published
May 21, 2024
github.com/cosmos/ibc-go affected by IBC protocol "Huckleberry" vulnerability
Moderate
GHSA-qjcv-rx3v-7mvj
was published
for
github.com/cosmos/ibc-go
(Go)
May 20, 2024
Stacklok Minder vulnerable to denial of service from maliciously crafted templates
Moderate
CVE-2024-35194
was published
for
github.com/stacklok/minder
(Go)
May 20, 2024
Trivy possibly leaks registry credential when scanning images from malicious registries
Moderate
CVE-2024-35192
was published
for
github.com/aquasecurity/trivy
(Go)
May 20, 2024
verbb/formie Server-Side Template Injection for variable-enabled settings
Moderate
CVE-2024-35191
was published
for
verbb/formie
(Composer)
May 20, 2024
Requests `Session` object does not verify requests after making first request with verify=False
Moderate
CVE-2024-35195
was published
for
requests
(pip)
May 20, 2024
AVideo cross-site scripting vulnerability in the view/about.php page
Moderate
CVE-2024-34899
was published
for
wwbn/avideo
(Composer)
May 20, 2024
MiguelCastillo @bit/loader Prototype Pollution issue
Moderate
CVE-2024-24293
was published
for
@bit/loader
(npm)
May 20, 2024
Blackprint @blackprint/engine Prototype Pollution issue
Moderate
CVE-2024-24294
was published
for
@blackprint/engine
(npm)
May 20, 2024
Pusher Service Channel Authentication Bypass
Moderate
GHSA-7v7m-pcw5-h3cg
was published
for
pusher/pusher-php-server
(Composer)
May 20, 2024
ProTip!
Advisories are also available from the
GraphQL API