GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,237
Erlang: 31
GitHub Actions: 20
Go: 2,000
Maven: 5,000+
npm: 3,711
NuGet: 661
pip: 3,383
Pub: 11
RubyGems: 885
Rust: 849
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
117,970 advisories
Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers...
Moderate | Unreviewed | CVE-2024-36050 was published May 19, 2024
Kiteworks Totemomail through 7.0.0 allows /responsiveUI/EnvelopeOpenServlet envelopeRecipient...
Moderate | Unreviewed | CVE-2024-28063 was published May 19, 2024
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2024-4432 was published May 18, 2024
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2024-5088 was published May 18, 2024
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2024-4698 was published May 18, 2024
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin...
Moderate | Unreviewed | CVE-2024-2772 was published May 18, 2024
The WordPress Automatic Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2024-4849 was published May 18, 2024
The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2024-3811 was published May 18, 2024
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2024-4374 was published May 18, 2024
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2024-3714 was published May 18, 2024
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress...
Moderate | Unreviewed | CVE-2024-4891 was published May 18, 2024
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2024-4865 was published May 18, 2024
Tor path lengths too short when "full Vanguards" configured
Moderate | CVE-2024-35313 was published for arti (Rust) May 18, 2024
An attacker could potentially intercept credentials via the task manager and perform unauthorized...
Moderate | Unreviewed | CVE-2024-23583 was published May 18, 2024
SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability.
Moderate | Unreviewed | CVE-2024-23556 was published May 18, 2024
Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to...
Moderate | Unreviewed | CVE-2024-23554 was published May 18, 2024
onelogin/php-saml signature wrapping attacks
Moderate | CVE-2016-1000253 was published for onelogin/php-saml (Composer) May 17, 2024
Privilege Escalation in TYPO3 Neos
Moderate | GHSA-43cf-7f3h-38rg was published for neos/neos (Composer) May 17, 2024
Time-Based Information Disclosure Vulnerability in Flow
Moderate | GHSA-6pq8-67pw-j6hw was published for neos/flow (Composer) May 17, 2024
Neos Flow Information disclosure in entity security
Moderate | GHSA-9cw3-j7wg-jwj8 was published for neos/flow (Composer) May 17, 2024
Neos Flow Arbitrary file upload and XML External Entity processing
Moderate | GHSA-5vv7-j593-mgjc was published for neos/flow (Composer) May 17, 2024
The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address...
Moderate | Unreviewed | CVE-2024-5022 was published May 17, 2024
DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_data_replace.php.
Moderate | Unreviewed | CVE-2024-34959 was published May 17, 2024
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online...
Moderate | Unreviewed | CVE-2024-5069 was published May 17, 2024
A vulnerability classified as critical was found in PHPGurukul Online Course Registration System...
Moderate | Unreviewed | CVE-2024-5066 was published May 17, 2024
ProTip! Advisories are also available from the GraphQL API