GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 41
GitHub Actions: 42
Go: 3,114
Maven: 5,000+
npm: 5,000+
NuGet: 826
pip: 4,428
Pub: 12
RubyGems: 988
Rust: 1,171
Swift: 50

Unreviewed advisories
All unreviewed: 5,000+
319,273 advisories

@fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware
High | CVE-2026-2880 was published for @fastify/middie (npm) Feb 28, 2026

In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: reallocate...
Moderate | Unreviewed | CVE-2025-21836 was published Mar 7, 2025

It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does...
Unknown | Unreviewed | CVE-2026-2219 was published Mar 7, 2026

The Carta Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin...
Moderate | Unreviewed | CVE-2026-1071 was published Mar 7, 2026

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all...
Unknown | Unreviewed | CVE-2026-24308 was published Mar 7, 2026

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP...
Unknown | Unreviewed | CVE-2026-24281 was published Mar 7, 2026

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient...
High | Unreviewed | CVE-2025-14675 was published Mar 7, 2026

The Font Pairing Preview For Landing Pages plugin for WordPress is vulnerable to Cross-Site...
Moderate | Unreviewed | CVE-2026-1086 was published Mar 7, 2026

The Consensus Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2026-1823 was published Mar 7, 2026

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress...
Moderate | Unreviewed | CVE-2026-2433 was published Mar 7, 2026

The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate | Unreviewed | CVE-2026-1085 was published Mar 7, 2026

The WP App Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'app-bar...
High | Unreviewed | CVE-2026-1074 was published Mar 7, 2026

The Purchase Button For Affiliate Link plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2026-1073 was published Mar 7, 2026

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate | Unreviewed | CVE-2026-2420 was published Mar 7, 2026

The Infomaniak Connect for OpenID plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2026-1824 was published Mar 7, 2026

The Guardian News Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2026-1087 was published Mar 7, 2026

The DA Media GigList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2026-1805 was published Mar 7, 2026

The Wueen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ...
Moderate | Unreviewed | CVE-2026-1569 was published Mar 7, 2026

The MyQtip – easy qTip2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2026-1574 was published Mar 7, 2026

The Show YouTube video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2026-1825 was published Mar 7, 2026

The Media Library Alt Text Editor plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2026-1820 was published Mar 7, 2026

Black's vulnerable version parsing leads to RCE in GitHub Action
High | GHSA-v53h-f6m7-xcgm was published for psf/black (GitHub Actions) Mar 7, 2026

The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-8899 was published Mar 7, 2026

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2026-2494 was published Mar 7, 2026

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross...
Moderate | Unreviewed | CVE-2026-25073 was published Mar 7, 2026

ProTip! Advisories are also available from the GraphQL API