Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

6,159 advisories

Loading
The Sky Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure... Moderate Unreviewed
CVE-2024-9542 was published Nov 22, 2024
The Increase Maximum Upload File Size | Increase Execution Time plugin for WordPress is... Moderate Unreviewed
CVE-2024-11265 was published Nov 23, 2024
The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Moderate Unreviewed
CVE-2024-8899 was published Nov 26, 2024
The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Moderate Unreviewed
CVE-2024-11083 was published Nov 27, 2024
`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace Moderate
CVE-2024-53859 was published for github.com/cli/go-gh (Go) Nov 27, 2024
BagToad williammartin
andyfeller jtmcg Ry0taK
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts Moderate
CVE-2024-53858 was published for github.com/cli/cli/v2 (Go) Nov 27, 2024
BagToad andyfeller
williammartin jtmcg Ry0taK
A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. It has been rated... Moderate Unreviewed
CVE-2024-11961 was published Nov 28, 2024
Access to Archived Argo Workflows with Fake Token in `client` mode Moderate
CVE-2024-53862 was published for github.com/argoproj/argo-workflows/v3 (Go) Dec 2, 2024
ljyanesm agilgur5
The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure... Moderate Unreviewed
CVE-2024-11292 was published Dec 6, 2024
The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Moderate Unreviewed
CVE-2024-11106 was published Dec 10, 2024
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18,... Moderate Unreviewed
CVE-2024-53243 was published Dec 10, 2024
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions... Moderate Unreviewed
CVE-2024-53244 was published Dec 10, 2024
The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-11008 was published Dec 11, 2024
The Restrict – membership, site, content and user access restrictions for WordPress plugin for... Moderate Unreviewed
CVE-2024-11351 was published Dec 11, 2024
The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information... Moderate Unreviewed
CVE-2024-12255 was published Dec 12, 2024
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due... Moderate Unreviewed
CVE-2024-12329 was published Dec 12, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open... Moderate Unreviewed
CVE-2024-12564 was published Dec 12, 2024
Vulnerability of improper access control in the album module Impact: Successful exploitation of... Moderate Unreviewed
CVE-2024-54103 was published Dec 12, 2024
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful... Moderate Unreviewed
CVE-2024-54117 was published Dec 12, 2024
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful... Moderate Unreviewed
CVE-2024-54118 was published Dec 12, 2024
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful... Moderate Unreviewed
CVE-2024-54119 was published Dec 12, 2024
An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to... Moderate Unreviewed
CVE-2024-9945 was published Dec 13, 2024
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information... Moderate Unreviewed
CVE-2024-12578 was published Dec 14, 2024
Welcome and About GeoServer pages communicate version and revision information Moderate
CVE-2024-35230 was published for org.geoserver.web:gs-web-app (Maven) Dec 16, 2024
jodygarnett
Some parameters of the weather module are improperly stored, leaking some sensitive information. Moderate Unreviewed
CVE-2021-26279 was published Dec 17, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database