Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,227
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,502
Pub
12
RubyGems
995
Rust
1,187
Swift
51
Unreviewed advisories
All unreviewed
5,000+

40,885 advisories

Loading
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2024-54250 was published Dec 13, 2024
Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a... Critical Unreviewed
CVE-2024-11986 was published Dec 13, 2024
The Out of the Block: OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-11827 was published Dec 13, 2024
The MyParcel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use... Moderate Unreviewed
CVE-2024-9608 was published Dec 13, 2024
The Property Hive Stamp Duty Calculator plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-12465 was published Dec 13, 2024
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed
CVE-2024-11832 was published Dec 13, 2024
The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp... Moderate Unreviewed
CVE-2024-11910 was published Dec 13, 2024
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2024-12042 was published Dec 13, 2024
The Booking System Trafft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2024-11754 was published Dec 13, 2024
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is... Moderate Unreviewed
CVE-2024-12581 was published Dec 13, 2024
The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block... Moderate Unreviewed
CVE-2024-10678 was published Dec 13, 2024
The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File... Moderate Unreviewed
CVE-2024-12574 was published Dec 13, 2024
The NewsmanApp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's... Moderate Unreviewed
CVE-2024-11767 was published Dec 13, 2024
The Primer MyData for Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site... Moderate Unreviewed
CVE-2024-11809 was published Dec 13, 2024
The Image Widget WordPress plugin before 4.4.11 does not sanitise and escape some of its Image... Moderate Unreviewed
CVE-2024-10939 was published Dec 13, 2024
Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpeXLSX::toHTMLEx Moderate
CVE-2024-55878 was published for shuchkin/simplexlsx (Composer) Dec 12, 2024
shuchkin Credited to shuchkin
The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2024-12271 was published Dec 12, 2024
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run... Moderate Unreviewed
CVE-2024-28142 was published Dec 12, 2024
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run... Moderate Unreviewed
CVE-2024-47947 was published Dec 12, 2024
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run... Moderate Unreviewed
CVE-2024-36494 was published Dec 12, 2024
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run... Moderate Unreviewed
CVE-2024-36498 was published Dec 12, 2024
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5... Moderate Unreviewed
CVE-2024-8179 was published Dec 12, 2024
The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups... Moderate Unreviewed
CVE-2024-10583 was published Dec 12, 2024
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is... Moderate Unreviewed
CVE-2024-10784 was published Dec 12, 2024
The Currency Converter Widget ⚡ PRO plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-11760 was published Dec 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database