Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

112,213 advisories

Loading
A vulnerability, which was classified as critical, was found in Guangzhou Huayi Intelligent... Moderate Unreviewed
CVE-2025-0392 was published Jan 11, 2025
HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this... Moderate Unreviewed
CVE-2024-42171 was published Jan 11, 2025
The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to Reflected... Moderate Unreviewed
CVE-2024-12407 was published Jan 11, 2025
HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this... Moderate Unreviewed
CVE-2024-42170 was published Jan 11, 2025
The GatorMail SmartForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2024-11386 was published Jan 11, 2025
HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak... Moderate Unreviewed
CVE-2024-42173 was published Jan 11, 2025
The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-12116 was published Jan 11, 2025
HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys,... Moderate Unreviewed
CVE-2024-42172 was published Jan 11, 2025
The WP SPID Italia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2024-11758 was published Jan 11, 2025
A vulnerability, which was classified as critical, has been found in Guangzhou Huayi Intelligent... Moderate Unreviewed
CVE-2025-0391 was published Jan 11, 2025
The Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration –... Moderate Unreviewed
CVE-2024-12412 was published Jan 11, 2025
The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all... Moderate Unreviewed
CVE-2024-11915 was published Jan 11, 2025
The Grid Accordion Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2024-11874 was published Jan 11, 2025
The Dominion – Domain Checker for WPBakery plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed
CVE-2024-12520 was published Jan 11, 2025
The Perfect Portal Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2024-12527 was published Jan 11, 2025
The TCBD Auto Refresher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2024-12519 was published Jan 11, 2025
A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms... Moderate Unreviewed
CVE-2025-0390 was published Jan 11, 2025
The Accordion Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2024-11892 was published Jan 11, 2025
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is... Moderate Unreviewed
CVE-2024-12304 was published Jan 11, 2025
An OS command injection vulnerability in Palo Alto Networks Expedition enables an authenticated... Moderate Unreviewed
CVE-2025-0107 was published Jan 11, 2025
An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an... Moderate Unreviewed
CVE-2025-0105 was published Jan 11, 2025
The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages... Moderate Unreviewed
CVE-2024-11327 was published Jan 11, 2025
The Trackserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin... Moderate Unreviewed
CVE-2024-12505 was published Jan 11, 2025
The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up... Moderate Unreviewed
CVE-2024-12472 was published Jan 11, 2025
A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated... Moderate Unreviewed
CVE-2025-0106 was published Jan 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database