Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
21
Go
2,094
Maven
5,000+
npm
3,759
NuGet
678
pip
3,445
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

122,221 advisories

Loading
Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800... Moderate Unreviewed
CVE-2024-22068 was published Oct 10, 2024
The GDPR-Extensions-com – Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-9072 was published Oct 10, 2024
The Curator.io: Show all your social media posts in a beautiful feed. plugin for WordPress is... Moderate Unreviewed
CVE-2024-9057 was published Oct 10, 2024
The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin... Moderate Unreviewed
CVE-2024-8477 was published Oct 10, 2024
The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of... Moderate Unreviewed
CVE-2024-9520 was published Oct 10, 2024
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for... Moderate Unreviewed
CVE-2024-8987 was published Oct 10, 2024
The QA Analytics – Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for... Moderate Unreviewed
CVE-2024-8513 was published Oct 10, 2024
The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2024-9066 was published Oct 10, 2024
The Elementor Inline SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2024-9064 was published Oct 10, 2024
The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File... Moderate Unreviewed
CVE-2024-9457 was published Oct 10, 2024
The Advanced Blocks Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG... Moderate Unreviewed
CVE-2024-9074 was published Oct 10, 2024
The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected... Moderate Unreviewed
CVE-2024-9205 was published Oct 10, 2024
The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due... Moderate Unreviewed
CVE-2024-9065 was published Oct 10, 2024
The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message... Moderate Unreviewed
CVE-2024-9685 was published Oct 10, 2024
The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site... Moderate Unreviewed
CVE-2024-8729 was published Oct 10, 2024
In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API... Moderate Unreviewed
CVE-2024-7048 was published Oct 10, 2024
The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-9377 was published Oct 10, 2024
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for... Moderate Unreviewed
CVE-2024-9067 was published Oct 10, 2024
Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password... Moderate Unreviewed
CVE-2024-8264 was published Oct 10, 2024
An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x... Moderate Unreviewed
CVE-2023-45359 was published Oct 9, 2024
Vulnerable juju introspection abstract UNIX domain socket Moderate
CVE-2024-8038 was published for github.com/juju/juju (Go) Oct 3, 2024
hpidcock
JUJU_CONTEXT_ID is a predictable authentication secret Moderate
CVE-2024-7558 was published for github.com/juju/juju (Go) Oct 3, 2024
hpidcock lucistanescu
Vulnerable juju hook tool abstract UNIX domain socket Moderate
CVE-2024-8037 was published for github.com/juju/juju (Go) Oct 3, 2024
hpidcock phvalguima
Grafana Agent (Flow mode) on Windows has Unquoted Search Path or Element vulnerability Moderate
CVE-2024-8996 was published for github.com/grafana/agent (Go) Sep 25, 2024
open-webui Insecure Direct Object Reference (IDOR) vulnerability Moderate
CVE-2024-7041 was published for open-webui (pip) Oct 9, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database