GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 43
Go: 3,181
Maven: 5,000+
npm: 5,000+
NuGet: 863
pip: 4,474
Pub: 12
RubyGems: 991
Rust: 1,185
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
3,479 advisories
Parse Server has a stored XSS filter bypass via Content-Type MIME parameter and missing XML extension blocklist entries
CVE-2026-32728 was published for parse-server (npm) Mar 16, 2026 (High)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
CVE-2026-25369 was published Mar 16, 2026 (High, Unreviewed)

Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several...
CVE-2013-20006 was published Mar 16, 2026 (High, Unreviewed)

Angular vulnerable to XSS in i18n attribute bindings
CVE-2026-32635 was published for @angular/compiler (npm) Mar 13, 2026 (High)

OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")
CVE-2026-32308 was published for oneuptime (npm) Mar 13, 2026 (High)

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an...
CVE-2026-2513 was published Mar 12, 2026 (High, Unreviewed)

In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vulnerability exists whereby an...
CVE-2026-2514 was published Mar 12, 2026 (High, Unreviewed)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18...
CVE-2026-1090 was published Mar 11, 2026 (High, Unreviewed)

The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
CVE-2026-3178 was published Mar 11, 2026 (High, Unreviewed)

The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable...
CVE-2026-3231 was published Mar 11, 2026 (High, Unreviewed)

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable...
CVE-2026-1454 was published Mar 11, 2026 (High, Unreviewed)

The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before...
CVE-2026-2466 was published Mar 11, 2026 (High, Unreviewed)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and...
CVE-2026-21361 was published Mar 11, 2026 (High, Unreviewed)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and...
CVE-2026-21311 was published Mar 11, 2026 (High, Unreviewed)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and...
CVE-2026-21284 was published Mar 11, 2026 (High, Unreviewed)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and...
CVE-2026-21290 was published Mar 11, 2026 (High, Unreviewed)

Parse Server vulnerable to stored cross-site scripting (XSS) via SVG file upload
CVE-2026-30948 was published for parse-server (npm) Mar 11, 2026 (High)

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that...
CVE-2026-2266 was published Mar 10, 2026 (High, Unreviewed)

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site...
CVE-2026-2724 was published Mar 10, 2026 (High, Unreviewed)

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft...
CVE-2026-26105 was published Mar 10, 2026 (High, Unreviewed)

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft...
CVE-2026-26144 was published Mar 10, 2026 (High, Unreviewed)

The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz...
CVE-2026-1261 was published Mar 10, 2026 (High, Unreviewed)

Craft Commerce has multiple Stored XSS in Commerce Inventory Page, Leading to Session Hijacking
CVE-2026-29175 was published for craftcms/commerce (Composer) Mar 10, 2026 (High)

FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse)
CVE-2026-30934 was published for github.com/gtsteffaniak/filebrowser (Go) Mar 9, 2026 (High)

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was...
CVE-2025-70038 was published Mar 9, 2026 (High, Unreviewed)
ProTip! Advisories are also available from the GraphQL API.