GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
30,233 advisories
Filter by severity
Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS).
Moderate
Unreviewed
CVE-2024-55492
was published
Dec 18, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High
Unreviewed
CVE-2024-51646
was published
Dec 18, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High
Unreviewed
CVE-2024-54350
was published
Dec 18, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High
Unreviewed
CVE-2024-56016
was published
Dec 18, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High
Unreviewed
CVE-2024-56010
was published
Dec 18, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High
Unreviewed
CVE-2024-49677
was published
Dec 18, 2024
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and...
High
Unreviewed
CVE-2024-56174
was published
Dec 18, 2024
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and...
Moderate
Unreviewed
CVE-2024-56175
was published
Dec 18, 2024
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-12449
was published
Dec 18, 2024
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and...
Moderate
Unreviewed
CVE-2024-56173
was published
Dec 18, 2024
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross...
Moderate
Unreviewed
CVE-2024-11254
was published
Dec 18, 2024
The Philantro – Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross...
Moderate
Unreviewed
CVE-2024-12500
was published
Dec 18, 2024
The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin...
Moderate
Unreviewed
CVE-2024-11748
was published
Dec 18, 2024
The Easy Waveform Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate
Unreviewed
CVE-2024-11881
was published
Dec 18, 2024
The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate
Unreviewed
CVE-2024-12513
was published
Dec 18, 2024
The ScanCircle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's...
Moderate
Unreviewed
CVE-2024-11439
was published
Dec 18, 2024
Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page
Moderate
CVE-2023-37940
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Dec 18, 2024
Liferay Portal and Liferay DXP vulnerable to Criss-site Scripting
Moderate
CVE-2024-11993
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Dec 17, 2024
A stored cross-site scripting (XSS) vulnerability was identified in Phpgurukul Online Birth...
Moderate
Unreviewed
CVE-2024-55056
was published
Dec 17, 2024
A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate...
Moderate
Unreviewed
CVE-2024-55059
was published
Dec 17, 2024
The WooCommerce Additional Fees On Checkout (Free) plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-12395
was published
Dec 17, 2024
The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-12469
was published
Dec 17, 2024
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to...
High
Unreviewed
CVE-2024-12024
was published
Dec 17, 2024
Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver...
Moderate
Unreviewed
CVE-2024-55864
was published
Dec 17, 2024
The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site...
Moderate
Unreviewed
CVE-2024-12239
was published
Dec 17, 2024
ProTip!
Advisories are also available from the
GraphQL API