Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,748
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,312 advisories

Loading
In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject... Low Unreviewed
CVE-2025-22272 was published Feb 28, 2025
The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and... Low Unreviewed
CVE-2024-10545 was published Feb 25, 2025
The Ajax Search Lite WordPress plugin before 4.12.5 does not sanitise and escape some of its... Low Unreviewed
CVE-2024-13585 was published Feb 21, 2025
The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and... Low Unreviewed
CVE-2024-13314 was published Feb 21, 2025
The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its... Low Unreviewed
CVE-2024-13125 was published Feb 13, 2025
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile &... Low Unreviewed
CVE-2024-13121 was published Feb 13, 2025
The Simple Video Management System WordPress plugin through 1.0.4 does not sanitise and escape... Low Unreviewed
CVE-2025-0692 was published Feb 13, 2025
Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Low Unreviewed
CVE-2024-27780 was published Feb 11, 2025
In affected versions of Octopus Server error messages were handled unsafely on the error page. If... Low Unreviewed
CVE-2025-0513 was published Feb 11, 2025
The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings... Low Unreviewed
CVE-2024-13116 was published Jan 27, 2025
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet... Low Unreviewed
CVE-2024-52967 was published Jan 14, 2025
A vulnerability has been identified in Industrial Edge Management OS (IEM-OS) (All versions).... Low Unreviewed
CVE-2024-45385 was published Jan 14, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Low Unreviewed
CVE-2024-13308 was published Jan 9, 2025
The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its... Low Unreviewed
CVE-2024-10562 was published Jan 7, 2025
The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not... Low Unreviewed
CVE-2024-10102 was published Jan 7, 2025
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage.... Low Unreviewed
CVE-2024-55541 was published Jan 2, 2025
A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin ... Low Unreviewed
CVE-2024-9101 was published Dec 19, 2024
ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown because the markdown-to-jsx... Low Unreviewed
CVE-2024-56082 was published Dec 15, 2024
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a... Low Unreviewed
CVE-2024-42195 was published Dec 5, 2024
The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings... Low Unreviewed
CVE-2024-10710 was published Nov 25, 2024
Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a... Low Unreviewed
CVE-2024-51337 was published Nov 21, 2024
In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a... Low Unreviewed
CVE-2024-10515 was published Nov 20, 2024
A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows... Low Unreviewed
CVE-2022-1226 was published Nov 15, 2024
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a... Low Unreviewed
CVE-2024-45099 was published Nov 14, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2024-5532 was published Oct 28, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database