GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,096
Erlang: 29
GitHub Actions: 19
Go: 1,925
Maven: 5,000+
npm: 3,653
NuGet: 638
pip: 3,263
Pub: 10
RubyGems: 873
Rust: 823
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
28,037 advisories
Injection of arbitrary HTML/JavaScript code through the media download URL
Moderate. CVE-2024-47617 was published for sulu/sulu (Composer) Oct 3, 2024
Cross-site Scripting via uploaded SVG
Moderate. CVE-2024-47618 was published for sulu/sulu (Composer) Oct 3, 2024
Contao allows an admin account to upload SVG file containing malicious JavaScript
Low. CVE-2024-45965 was published for contao/contao (Composer) Oct 2, 2024
October allows an admin account to upload PDF containing malicious JavaScript
Low. CVE-2024-45962 was published for october/october (Composer) Oct 2, 2024
Zenario allows authenticated admin users to upload PDF files containing malicious code
Low. CVE-2024-45960 was published for tribalsystems/zenario (Composer) Oct 2, 2024
Zenario Cross Site Scripting in the Image library
Low. CVE-2024-45964 was published for tribalsystems/zenario (Composer) Oct 2, 2024
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting...
Moderate, Unreviewed. CVE-2024-9440 was published Oct 2, 2024
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
Moderate. CVE-2024-43795 was published for @openc3/tool-common (RubyGems) Oct 2, 2024
A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This...
Moderate, Unreviewed. CVE-2024-33210 was published Oct 2, 2024
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate, Unreviewed. CVE-2024-8282 was published Oct 2, 2024
The MC4WP: Mailchimp Top Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting...
Moderate, Unreviewed. CVE-2024-9210 was published Oct 2, 2024
The SEOPress – On-site SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting...
Moderate, Unreviewed. CVE-2024-9225 was published Oct 2, 2024
The Demo Importer Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG...
Moderate, Unreviewed. CVE-2024-9172 was published Oct 2, 2024
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content...
Moderate, Unreviewed. CVE-2024-9222 was published Oct 2, 2024
The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN,...
Moderate, Unreviewed. CVE-2024-9344 was published Oct 2, 2024
The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting...
Moderate, Unreviewed. CVE-2024-9378 was published Oct 2, 2024
The Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with...
Moderate, Unreviewed. CVE-2024-9218 was published Oct 2, 2024
The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache,...
Moderate, Unreviewed. CVE-2024-8800 was published Oct 2, 2024
The PWA — easy way to Progressive Web App plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate, Unreviewed. CVE-2024-8967 was published Oct 2, 2024
Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows...
Moderate, Unreviewed. CVE-2024-9174 was published Oct 2, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
Low. CVE-2024-47528 was published for librenms/librenms (Composer) Oct 1, 2024
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via...
Moderate, Unreviewed. CVE-2024-46079 was published Oct 1, 2024
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated...
Moderate, Unreviewed. CVE-2024-46081 was published Oct 1, 2024
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated...
Moderate, Unreviewed. CVE-2024-46083 was published Oct 1, 2024
A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the...
Moderate, Unreviewed. CVE-2024-9411 was published Oct 1, 2024
ProTip! Advisories are also available from the GraphQL API