GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 41
GitHub Actions: 41
Go: 3,098
Maven: 5,000+
npm: 4,984
NuGet: 826
pip: 4,425
Pub: 12
RubyGems: 988
Rust: 1,170
Swift: 50
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
292,311 advisories
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Severity: Moderate | Unreviewed | CVE-2024-35644 was published Mar 6, 2026
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kings Plugins B2BKing...
Severity: Moderate | Unreviewed | CVE-2026-28106 was published Mar 6, 2026
QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can...
Severity: Moderate | Unreviewed | CVE-2026-1468 was published Mar 6, 2026
Missing Authorization vulnerability in Rank Math Rank Math SEO PRO allows Exploiting Incorrectly...
Severity: Moderate | Unreviewed | CVE-2026-28080 was published Mar 6, 2026
The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2 does not properly handle batch...
Severity: Unknown | Unreviewed | CVE-2026-3589 was published Mar 6, 2026
An authenticated Zabbix user (User role) with template/host write permissions is able to create...
Severity: Moderate | Unreviewed | CVE-2026-23925 was published Mar 6, 2026
An attacker may access restricted filesystem areas on the device via the CROWN REST interface due...
Severity: Critical | Unreviewed | CVE-2026-2330 was published Mar 6, 2026
An attacker may perform unauthenticated read and write operations on sensitive filesystem areas...
Severity: Critical | Unreviewed | CVE-2026-2331 was published Mar 6, 2026
The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress...
Severity: Moderate | Unreviewed | CVE-2026-2830 was published Mar 6, 2026
The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CSRF...
Severity: Unknown | Unreviewed | CVE-2026-2446 was published Mar 6, 2026
The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF check in place when deleting...
Severity: Unknown | Unreviewed | CVE-2026-1128 was published Mar 6, 2026
A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0...
Severity: Moderate | Unreviewed | CVE-2026-3616 was published Mar 6, 2026
A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the...
Severity: High | Unreviewed | CVE-2026-3613 was published Mar 6, 2026
A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function...
Severity: High | Unreviewed | CVE-2026-3612 was published Mar 6, 2026
A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this...
Severity: Moderate | Unreviewed | CVE-2026-3610 was published Mar 6, 2026
Sensitive information disclosure due to improper access control. The following products are...
Severity: Moderate | Unreviewed | CVE-2026-28726 was published Mar 6, 2026
Unauthorized report deletion due to insufficient access control. The following products are...
Severity: Moderate | Unreviewed | CVE-2026-28723 was published Mar 6, 2026
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows...
Severity: Moderate | Unreviewed | CVE-2026-24912 was published Mar 6, 2026
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Severity: Moderate | Unreviewed | CVE-2026-27770 was published Mar 6, 2026
Unauthorized resource manipulation due to improper authorization checks. The following products...
Severity: Moderate | Unreviewed | CVE-2026-28719 was published Mar 6, 2026
Sensitive information disclosure and manipulation due to improper authentication. The following...
Severity: High | Unreviewed | CVE-2026-28710 was published Mar 6, 2026
The WebSocket Application Programming Interface lacks restrictions on the number of...
Severity: High | Unreviewed | CVE-2026-27778 was published Mar 6, 2026
Unauthorized resource manipulation due to improper authorization checks. The following products...
Severity: Moderate | Unreviewed | CVE-2026-28709 was published Mar 6, 2026
Information disclosure and manipulation due to improper authorization checks. The following...
Severity: Moderate | Unreviewed | CVE-2026-28716 was published Mar 6, 2026
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to...
Severity: Moderate | Unreviewed | CVE-2026-2589 was published Mar 6, 2026
ProTip! Advisories are also available from the GraphQL API.