GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
203 advisories
Filter by severity
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML...
Moderate
Unreviewed
CVE-2024-41752
was published
Dec 18, 2024
The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS...
Moderate
Unreviewed
CVE-2024-12127
was published
Dec 17, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2024-54223
was published
Dec 9, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2023-47869
was published
Dec 9, 2024
Directus has an HTML Injection in Comment
Moderate
CVE-2024-54128
was published
for
@directus/app
(npm)
Dec 5, 2024
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a...
Low
Unreviewed
CVE-2024-42195
was published
Dec 5, 2024
A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated...
Moderate
Unreviewed
CVE-2020-26067
was published
Nov 18, 2024
The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate
Unreviewed
CVE-2024-10592
was published
Nov 16, 2024
A vulnerability in the web-based interface of Cisco Webex Meetings could allow an...
Moderate
Unreviewed
CVE-2022-20654
was published
Nov 15, 2024
The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin...
Moderate
Unreviewed
CVE-2024-10038
was published
Nov 13, 2024
The Simple Shortcode for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2024-10621
was published
Nov 8, 2024
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure...
Moderate
Unreviewed
CVE-2024-20504
was published
Nov 6, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2024-9147
was published
Nov 4, 2024
The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ...
Moderate
Unreviewed
CVE-2024-9438
was published
Oct 29, 2024
A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA)...
Moderate
Unreviewed
CVE-2024-20382
was published
Oct 23, 2024
A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA)...
Moderate
Unreviewed
CVE-2024-20341
was published
Oct 23, 2024
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
Moderate
CVE-2024-47819
was published
for
@umbraco-cms/backoffice
(npm)
Oct 22, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
High
Unreviewed
CVE-2024-44061
was published
Oct 20, 2024
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone...
Moderate
Unreviewed
CVE-2024-20460
was published
Oct 16, 2024
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ...
Moderate
Unreviewed
CVE-2024-47139
was published
Oct 16, 2024
Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS
Moderate
CVE-2024-47765
was published
for
dev-lancer/minecraft-motd-parser
(Composer)
Oct 4, 2024
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that...
Moderate
Unreviewed
CVE-2024-38039
was published
Oct 4, 2024
The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due...
High
Unreviewed
CVE-2024-8981
was published
Oct 1, 2024
starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field
Moderate
CVE-2024-47536
was published
for
starcitizentools/citizen-skin
(Composer)
Sep 30, 2024
The Store Hours for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site...
Moderate
Unreviewed
CVE-2024-8872
was published
Sep 26, 2024
ProTip!
Advisories are also available from the
GraphQL API