GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
24,608 advisories
The Roles & Capabilities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due...
Moderate
Unreviewed
CVE-2024-8732 was published Sep 13, 2024
The Email Obfuscate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate
Unreviewed
CVE-2024-8747 was published Sep 13, 2024
The Exit Notifier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the...
Moderate
Unreviewed
CVE-2024-8730 was published Sep 13, 2024
The Cron Jobs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use...
Moderate
Unreviewed
CVE-2024-8731 was published Sep 13, 2024
The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due...
Moderate
Unreviewed
CVE-2024-8734 was published Sep 13, 2024
The PDF Thumbnail Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting...
Moderate
Unreviewed
CVE-2024-8737 was published Sep 13, 2024
The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’...
Moderate
Unreviewed
CVE-2024-5870 was published Sep 13, 2024
The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url'...
Moderate
Unreviewed
CVE-2024-5789 was published Sep 13, 2024
The Beauty theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate
Unreviewed
CVE-2024-5884 was published Sep 13, 2024
The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’...
Moderate
Unreviewed
CVE-2024-5869 was published Sep 13, 2024
The Delicate theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link'...
Moderate
Unreviewed
CVE-2024-5867 was published Sep 13, 2024
The WP Test Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the...
Moderate
Unreviewed
CVE-2024-8664 was published Sep 13, 2024
The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to...
Moderate
Unreviewed
CVE-2024-8665 was published Sep 13, 2024
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce...
Moderate
Unreviewed
CVE-2024-8742 was published Sep 13, 2024
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads...
Moderate
Unreviewed
CVE-2024-5567 was published Sep 13, 2024
The WP Simple Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site...
Moderate
Unreviewed
CVE-2024-8663 was published Sep 13, 2024
The Avada | Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-5628 was published Sep 13, 2024
The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to...
Moderate
Unreviewed
CVE-2024-8656 was published Sep 13, 2024
ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site...
Moderate
Unreviewed
CVE-2024-34335 was published Sep 12, 2024
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be...
Critical
Unreviewed
CVE-2024-8695 was published Sep 12, 2024
Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515...
Moderate
Unreviewed
CVE-2020-24061 was published Sep 12, 2024
A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls...
High
Unreviewed
CVE-2024-8696 was published Sep 12, 2024
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.
Moderate
Unreviewed
CVE-2024-6700 was published Sep 12, 2024
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.
Moderate
Unreviewed
CVE-2024-6702 was published Sep 12, 2024
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.
Moderate
Unreviewed
CVE-2024-6701 was published Sep 12, 2024
ProTip! Advisories are also available from the GraphQL API.