Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

24,716 advisories

Loading
The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to Reflected... Moderate Unreviewed
CVE-2024-12407 was published Jan 11, 2025
The GatorMail SmartForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2024-11386 was published Jan 11, 2025
The WP SPID Italia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2024-11758 was published Jan 11, 2025
The Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration –... Moderate Unreviewed
CVE-2024-12412 was published Jan 11, 2025
The Grid Accordion Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2024-11874 was published Jan 11, 2025
The Dominion – Domain Checker for WPBakery plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed
CVE-2024-12520 was published Jan 11, 2025
The Perfect Portal Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2024-12527 was published Jan 11, 2025
The TCBD Auto Refresher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2024-12519 was published Jan 11, 2025
The Accordion Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2024-11892 was published Jan 11, 2025
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is... Moderate Unreviewed
CVE-2024-12304 was published Jan 11, 2025
The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages... Moderate Unreviewed
CVE-2024-11327 was published Jan 11, 2025
The Trackserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin... Moderate Unreviewed
CVE-2024-12505 was published Jan 11, 2025
An issue was discovered in REDCap 14.9.6. A stored cross-site scripting (XSS) vulnerability... Moderate Unreviewed
CVE-2025-23112 was published Jan 11, 2025
An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting (XSS) vulnerability in... Moderate Unreviewed
CVE-2025-23110 was published Jan 11, 2025
An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name,... Moderate Unreviewed
CVE-2025-23111 was published Jan 11, 2025
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-0311 was published Jan 10, 2025
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2024-13183 was published Jan 10, 2025
A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6... Moderate Unreviewed
CVE-2024-56376 was published Jan 10, 2025
A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows... Moderate Unreviewed
CVE-2024-56377 was published Jan 10, 2025
Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 allows a remote attacker to... Moderate Unreviewed
CVE-2024-51229 was published Jan 10, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2024-13298 was published Jan 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2024-13301 was published Jan 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2024-13294 was published Jan 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2024-13305 was published Jan 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2024-13262 was published Jan 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database