GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 45
Go: 3,227
Maven: 5,000+
npm: 5,000+
NuGet: 864
pip: 4,502
Pub: 12
RubyGems: 995
Rust: 1,187
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
3,486 advisories
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
High, Unreviewed, CVE-2026-1238 was published Mar 19, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High, Unreviewed, CVE-2026-28073 was published Mar 19, 2026

Filament Unvalidated Range and Values summarizer values can be used for XSS
High, CVE-2026-33080 was published for filament/tables (Composer) Mar 18, 2026

Statamic has Stored XSS via SVG Sanitization Bypass
High, CVE-2026-33172 was published for statamic/cms (Composer) Mar 18, 2026

The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup...
High, Unreviewed, CVE-2026-3090 was published Mar 18, 2026

Improper neutralization of input during web page generation ('cross-site scripting')...
High, Unreviewed, CVE-2026-3278 was published Mar 18, 2026

A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface...
High, Unreviewed, CVE-2026-22322 was published Mar 18, 2026

Parse Server has a stored XSS filter bypass via Content-Type MIME parameter and missing XML extension blocklist entries
High, CVE-2026-32728 was published for parse-server (npm) Mar 16, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High, Unreviewed, CVE-2026-25369 was published Mar 16, 2026

Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several...
High, Unreviewed, CVE-2013-20006 was published Mar 16, 2026

Angular vulnerable to XSS in i18n attribute bindings
High, CVE-2026-32635 was published for @angular/compiler (npm) Mar 13, 2026

OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")
High, CVE-2026-32308 was published for oneuptime (npm) Mar 13, 2026

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an...
High, Unreviewed, CVE-2026-2513 was published Mar 12, 2026

In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vulnerability exists whereby an...
High, Unreviewed, CVE-2026-2514 was published Mar 12, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18...
High, Unreviewed, CVE-2026-1090 was published Mar 11, 2026

The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
High, Unreviewed, CVE-2026-3178 was published Mar 11, 2026

The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable...
High, Unreviewed, CVE-2026-3231 was published Mar 11, 2026

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable...
High, Unreviewed, CVE-2026-1454 was published Mar 11, 2026

The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before...
High, Unreviewed, CVE-2026-2466 was published Mar 11, 2026

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and...
High, Unreviewed, CVE-2026-21361 was published Mar 11, 2026

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and...
High, Unreviewed, CVE-2026-21311 was published Mar 11, 2026

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and...
High, Unreviewed, CVE-2026-21290 was published Mar 11, 2026

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and...
High, Unreviewed, CVE-2026-21284 was published Mar 11, 2026

Parse Server vulnerable to stored cross-site scripting (XSS) via SVG file upload
High, CVE-2026-30948 was published for parse-server (npm) Mar 11, 2026

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that...
High, Unreviewed, CVE-2026-2266 was published Mar 10, 2026
ProTip! Advisories are also available from the GraphQL API