GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,248
Erlang: 31
GitHub Actions: 21
Go: 2,015
Maven: 5,000+
npm: 3,721
NuGet: 662
pip: 3,400
Pub: 11
RubyGems: 890
Rust: 852
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+

29,665 advisories

Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
Moderate | CVE-2024-53999 was published for mobsf (pip) | Dec 3, 2024

Vitess allows HTML injection in /debug/querylogz & /debug/env
Moderate | CVE-2024-53257 was published for vitess.io/vitess (Go) | Dec 3, 2024

The Goodlayers Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2024-11200 was published | Dec 3, 2024

The Campaign Monitor Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross...
Moderate | Unreviewed | CVE-2024-11326 was published | Dec 3, 2024

The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin...
Moderate | Unreviewed | CVE-2024-11782 was published | Dec 3, 2024

The AWeber Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site...
Moderate | Unreviewed | CVE-2024-11325 was published | Dec 3, 2024

The jAlbum Bridge plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ar’...
Moderate | Unreviewed | CVE-2024-11853 was published | Dec 3, 2024

The BMLT Tabbed Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2024-11866 was published | Dec 3, 2024

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel,...
Moderate | Unreviewed | CVE-2024-9058 was published | Dec 3, 2024

The Quick License Manager – WooCommerce Plugin plugin for WordPress is vulnerable to Reflected...
Moderate | Unreviewed | CVE-2024-11805 was published | Dec 3, 2024

The My auctions allegro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via...
Moderate | Unreviewed | CVE-2024-11707 was published | Dec 3, 2024

The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals...
Moderate | Unreviewed | CVE-2024-11898 was published | Dec 3, 2024

The WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout plugin...
Moderate | Unreviewed | CVE-2024-11453 was published | Dec 3, 2024

The Form Data Collector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via...
Moderate | Unreviewed | CVE-2024-11461 was published | Dec 3, 2024

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2024-10484 was published | Dec 3, 2024

The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2024-9694 was published | Dec 3, 2024

rails-html-sanitizer has XSS vulnerability with certain configurations
Low | CVE-2024-53989 was published for rails-html-sanitizer (RubyGems) | Dec 2, 2024

rails-html-sanitizer has XSS vulnerability with certain configurations
Low | CVE-2024-53987 was published for rails-html-sanitizer (RubyGems) | Dec 2, 2024

rails-html-sanitizer has XSS vulnerability with certain configurations
Low | CVE-2024-53988 was published for rails-html-sanitizer (RubyGems) | Dec 2, 2024

rails-html-sanitizer has XSS vulnerability with certain configurations
Low | CVE-2024-53986 was published for rails-html-sanitizer (RubyGems) | Dec 2, 2024

rails-html-sanitizer has XSS vulnerability with certain configurations
Low | CVE-2024-53985 was published for rails-html-sanitizer (RubyGems) | Dec 2, 2024

A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to...
Moderate | Unreviewed | CVE-2024-53617 was published | Dec 2, 2024

ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform....
Moderate | Unreviewed | CVE-2024-5890 was published | Dec 2, 2024

Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern
Moderate | CVE-2024-53864 was published for ibexa/admin-ui (Composer) | Dec 2, 2024

Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting (XSS) via the /scgi?sid parameter.
Moderate | Unreviewed | CVE-2024-53459 was published | Dec 2, 2024

ProTip! Advisories are also available from the GraphQL API