Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
42
Go
3,138
Maven
5,000+
npm
5,000+
NuGet
831
pip
4,438
Pub
12
RubyGems
990
Rust
1,174
Swift
50
Unreviewed advisories
All unreviewed
5,000+

319,935 advisories

Loading
The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `... Moderate Unreviewed
CVE-2026-2358 was published Mar 11, 2026
Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker... High Unreviewed
CVE-2026-20892 was published Mar 11, 2026
Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the... Low Unreviewed
CVE-2026-3884 was published Mar 11, 2026
A vulnerability in the web-based management interface of AOS-CX Switches could allow an... Moderate Unreviewed
CVE-2026-23817 was published Mar 11, 2026
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API... Moderate Unreviewed
CVE-2026-2707 was published Mar 11, 2026
A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated... High Unreviewed
CVE-2026-23815 was published Mar 11, 2026
The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the ... High Unreviewed
CVE-2026-3222 was published Mar 11, 2026
A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low... High Unreviewed
CVE-2026-23814 was published Mar 11, 2026
The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all... High Unreviewed
CVE-2025-13067 was published Mar 11, 2026
The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before... Unknown Unreviewed
CVE-2026-2466 was published Mar 11, 2026
A vulnerability has been identified in the web-based management interface of AOS-CX switches that... Critical Unreviewed
CVE-2026-23813 was published Mar 11, 2026
MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP... Critical Unreviewed
CVE-2026-29515 was published Mar 11, 2026
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an... Critical Unreviewed
CVE-2026-24448 was published Mar 11, 2026
The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one... Unknown Unreviewed
CVE-2026-2626 was published Mar 11, 2026
The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via... High Unreviewed
CVE-2026-2413 was published Mar 11, 2026
A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a... Low Unreviewed
CVE-2026-3911 was published Mar 11, 2026
The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST... Unknown Unreviewed
CVE-2026-2631 was published Mar 11, 2026
The Gutena Forms WordPress plugin before 1.6.1 does not validate option to be updated, which... Unknown Unreviewed
CVE-2026-1753 was published Mar 11, 2026
netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for... Critical Unreviewed
CVE-2023-27573 was published Mar 11, 2026
A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated... High Unreviewed
CVE-2026-23816 was published Mar 11, 2026
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing... Unknown Unreviewed
CVE-2026-1867 was published Mar 11, 2026
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to... Critical Unreviewed
CVE-2026-27842 was published Mar 11, 2026
The rfpiped service on TCP port 555 in Ceragon Networks / Siklu Communication EtherHaul series ... Moderate Unreviewed
CVE-2025-57176 was published Sep 15, 2025
sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest High
CVE-2026-31830 was published for sigstore (RubyGems) Mar 11, 2026
hanazuki Credited to hanazuki
Umbraco Backoffice API Allows Unauthorized Modification of Domain Data Moderate
CVE-2026-31832 was published for Umbraco.Cms (NuGet) Mar 11, 2026
odgrso Credited to odgrso
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database