Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
42
Go
3,114
Maven
5,000+
npm
5,000+
NuGet
826
pip
4,428
Pub
12
RubyGems
988
Rust
1,171
Swift
50
Unreviewed advisories
All unreviewed
5,000+

40,664 advisories

Loading
The Media Library Alt Text Editor plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2026-1820 was published Mar 7, 2026
The Consensus Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2026-1823 was published Mar 7, 2026
The Infomaniak Connect for OpenID plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2026-1824 was published Mar 7, 2026
The Show YouTube video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2026-1825 was published Mar 7, 2026
The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2026-2420 was published Mar 7, 2026
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress... Moderate Unreviewed
CVE-2026-2433 was published Mar 7, 2026
The MyQtip – easy qTip2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2026-1574 was published Mar 7, 2026
The Wueen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ... Moderate Unreviewed
CVE-2026-1569 was published Mar 7, 2026
The DA Media GigList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2026-1805 was published Mar 7, 2026
The WP App Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'app-bar... High Unreviewed
CVE-2026-1074 was published Mar 7, 2026
The Carta Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin... Moderate Unreviewed
CVE-2026-1071 was published Mar 7, 2026
The Hammas Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2026-1902 was published Mar 7, 2026
The CM Custom Reports plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via... Moderate Unreviewed
CVE-2026-2431 was published Mar 7, 2026
The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin... Moderate Unreviewed
CVE-2026-2721 was published Mar 7, 2026
The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin... Moderate Unreviewed
CVE-2026-2722 was published Mar 7, 2026
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross... Moderate Unreviewed
CVE-2026-25073 was published Mar 7, 2026
CommonMark has DisallowedRawHtml extension bypass via whitespace in HTML tag names Moderate
CVE-2026-30838 was published for league/commonmark (Composer) Mar 6, 2026
defuddle vulnerable to XSS via unescaped string interpolation in _findContentBySchemaText image tag Low
CVE-2026-30830 was published for defuddle (npm) Mar 6, 2026
TinkAnet Credited to TinkAnet
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-35644 was published Mar 6, 2026
A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this... Moderate Unreviewed
CVE-2026-3610 was published Mar 6, 2026
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored... Moderate Unreviewed
CVE-2026-2593 was published Mar 6, 2026
Gogs: DOM-based XSS via milestone selection High
CVE-2026-26276 was published for gogs.io/gogs (Go) Mar 5, 2026
odgrso Credited to odgrso
Gogs: Stored XSS in branch and wiki views through author and committer names Moderate
CVE-2026-26195 was published for gogs.io/gogs (Go) Mar 5, 2026
rezmoss Credited to rezmoss
Gogs: Stored XSS via data URI in issue comments High
CVE-2026-26022 was published for gogs.io/gogs (Go) Mar 5, 2026
dxlerYT Credited to dxlerYT
Gokapi has Stored XSS in SVG Hotlinks High
CVE-2026-28683 was published for github.com/forceu/gokapi (Go) Mar 5, 2026
Sijisu Credited to Sijisu and Forceu Forceu Forceu
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database