GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,426
Maven: 5,000+
npm: 5,000+
NuGet: 882
pip: 4,670
Pub: 13
RubyGems: 1,029
Rust: 1,212
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
141,967 advisories
The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable...
Moderate | Unreviewed | CVE-2025-14732 was published Apr 8, 2026

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms....
Moderate | Unreviewed | CVE-2026-1163 was published Apr 8, 2026

The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of...
Moderate | Unreviewed | CVE-2026-4065 was published Apr 8, 2026

The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2026-4406 was published Apr 8, 2026

Improper neutralization of input during web page generation ('cross-site scripting')...
Moderate | Unreviewed | CVE-2026-39935 was published Apr 8, 2026

Improper neutralization of input during web page generation ('cross-site scripting')...
Moderate | Unreviewed | CVE-2026-39936 was published Apr 8, 2026

An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock...
Moderate | Unreviewed | CVE-2025-20628 was published Apr 8, 2026

The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the ...
Moderate | Unreviewed | CVE-2026-4401 was published Apr 8, 2026

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable...
Moderate | Unreviewed | CVE-2026-2263 was published Apr 8, 2026

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2026-4394 was published Apr 8, 2026

Loop with unreachable exit condition ('infinite loop') vulnerability in The Wikimedia Foundation...
Moderate | Unreviewed | CVE-2026-39934 was published Apr 8, 2026

A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue...
Moderate | Unreviewed | CVE-2026-5333 was published Apr 2, 2026

A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic...
Moderate | Unreviewed | CVE-2025-67805 was published Apr 1, 2026

Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia Foundation...
Moderate | Unreviewed | CVE-2026-22711 was published Apr 7, 2026

The Semtech LR11xx LoRa transceivers running early versions of firmware contains an information...
Moderate | Unreviewed | CVE-2025-14858 was published Apr 7, 2026

Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in...
Moderate | Unreviewed | CVE-2026-39837 was published Apr 7, 2026

Improper neutralization of input during web page generation ('cross-site scripting')...
Moderate | Unreviewed | CVE-2026-39838 was published Apr 7, 2026

A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element...
Moderate | Unreviewed | CVE-2026-5741 was published Apr 7, 2026

Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in...
Moderate | Unreviewed | CVE-2026-39841 was published Apr 7, 2026

A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of...
Moderate | Unreviewed | CVE-2026-5736 was published Apr 7, 2026

Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in...
Moderate | Unreviewed | CVE-2026-39839 was published Apr 7, 2026

An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running...
Moderate | Unreviewed | CVE-2025-14857 was published Apr 7, 2026

A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the...
Moderate | Unreviewed | CVE-2026-5739 was published Apr 7, 2026

Improper neutralization of input during web page generation ('cross-site scripting')...
Moderate | Unreviewed | CVE-2026-39840 was published Apr 7, 2026

Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation...
Moderate | Unreviewed | CVE-2026-5762 was published Apr 7, 2026
ProTip! Advisories are also available from the GraphQL API