Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

34,843 advisories

Loading
The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button... Moderate Unreviewed
CVE-2024-1805 was published May 2, 2024
The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post... Moderate Unreviewed
CVE-2024-1840 was published May 2, 2024
The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom... Moderate Unreviewed
CVE-2024-1842 was published May 2, 2024
The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title... Moderate Unreviewed
CVE-2024-1841 was published May 2, 2024
The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2023-6487 was published May 22, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2024-2864 was published Mar 25, 2024
The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross... High Unreviewed
CVE-2024-3600 was published Apr 19, 2024
Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0.... Moderate Unreviewed
CVE-2024-45478 was published Jan 22, 2025
The Search & Filter Pro WordPress plugin before 2.5.18 does not sanitise and escape some of its... Moderate Unreviewed
CVE-2024-6481 was published Aug 8, 2024
The Ajax Search Lite WordPress plugin before 4.12.1 does not sanitise and escape some parameters,... Moderate Unreviewed
CVE-2024-7084 was published Aug 6, 2024
The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2024-4669 was published Jun 11, 2024
The LuckyWP Table of Contents plugin for WordPress is vulnerable to Reflected Cross-Site... Moderate Unreviewed
CVE-2024-2119 was published May 22, 2024
Liferay Portal Fragment Module and Liferay DXP Vulnerable to Cross-Site Scripting Moderate
CVE-2021-33339 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal Journal Module and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2021-33336 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2021-33332 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App Moderate
CVE-2021-29051 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in the Layout Admin Page Moderate
CVE-2021-29048 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Gogs vulnerable to Cross-site Scripting Critical
CVE-2022-32174 was published for gogs.io/gogs (Go) Oct 11, 2022
Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin High
CVE-2025-4123 was published for github.com/grafana/grafana (Go) May 22, 2025
The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its... Moderate Unreviewed
CVE-2024-13486 was published May 15, 2025
The MapPress Maps for WordPress plugin before 2.94.10 does not sanitise and escape some of its... Moderate Unreviewed
CVE-2025-2162 was published Apr 18, 2025
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an... High Unreviewed
CVE-2025-31501 was published May 28, 2025
Improper neutralization of the value of the 'eventMoreText' property of the 'VCalendar' component... Moderate Unreviewed
CVE-2025-1461 was published May 28, 2025
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an... High Unreviewed
CVE-2025-31500 was published May 28, 2025
Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via... High Unreviewed
CVE-2025-30087 was published May 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database