Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,318
Maven
5,000+
npm
3,950
NuGet
711
pip
3,730
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

30,316 advisories

Loading
The Music Player for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2025-5340 was published Jun 3, 2025
The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-4420 was published Jun 3, 2025
The WP Plugin Info Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2025-5116 was published Jun 3, 2025
Gokapi vulnerable to stored XSS via uploading file with malicious file name Moderate
CVE-2025-48494 was published for github.com/forceu/gokapi (Go) Jun 3, 2025
4rdr Forceu
Gokapi has stored XSS vulnerability in friendly name for API keys Moderate
CVE-2025-48495 was published for github.com/forceu/gokapi (Go) Jun 3, 2025
Forceu
The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized... Moderate Unreviewed
CVE-2025-3919 was published Jun 3, 2025
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3... Moderate Unreviewed
CVE-2024-23782 was published Jan 29, 2024
The EventON WordPress plugin before 4.4.1 does not sanitise and escape a parameter before... Moderate Unreviewed
CVE-2023-7200 was published Jan 29, 2024
A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1... Moderate Unreviewed
CVE-2024-40114 was published Jun 2, 2025
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in ... Moderate Unreviewed
CVE-2025-45387 was published Jun 2, 2025
A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the... Moderate Unreviewed
CVE-2025-44115 was published Jun 2, 2025
Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus... Moderate Unreviewed
CVE-2024-48704 was published May 23, 2025
The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product... Moderate Unreviewed
CVE-2022-3194 was published Jan 16, 2024
The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape... Moderate Unreviewed
CVE-2023-0079 was published Jan 16, 2024
A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple... Moderate Unreviewed
CVE-2024-3509 was published Jun 2, 2025
A reflected cross-site scripting (XSS) vulnerability exists in multiple [Vendor Name] products... Moderate Unreviewed
CVE-2024-8008 was published Jun 2, 2025
In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions... Moderate Unreviewed
CVE-2025-20297 was published Jun 2, 2025
The simple sort&search WordPress plugin through 0.0.3 does not make sure that the indexurl... Moderate Unreviewed
CVE-2021-24433 was published Jan 16, 2024
A Cross-site scripting (XSS) vulnerability in login page php code in Armex ABO.CMS 5.9 allows... Moderate Unreviewed
CVE-2023-48858 was published Jan 17, 2024
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have... Moderate Unreviewed
CVE-2024-0238 was published Jan 16, 2024
The Product Enquiry for WooCommerce WordPress plugin before 3.2 does not sanitise and escape the... Moderate Unreviewed
CVE-2023-7151 was published Jan 16, 2024
The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options... Moderate Unreviewed
CVE-2023-0376 was published Jan 16, 2024
The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some... Moderate Unreviewed
CVE-2023-6732 was published Jan 16, 2024
The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a... Moderate Unreviewed
CVE-2023-0769 was published Jan 16, 2024
A vulnerability was found in Mist Community Edition up to 4.7.1. It has been rated as problematic... Moderate Unreviewed
CVE-2025-5411 was published Jun 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database