GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 26,868
Composer 5,288
Erlang 41
GitHub Actions 42
Go 3,114
Maven 6,288
npm 5,007
NuGet 826
pip 4,428
Pub 12
RubyGems 988
Rust 1,171
Swift 50

Unreviewed advisories

All unreviewed 292,409

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

292,409 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt:... Moderate Unreviewed

CVE-2026-3664 was published Mar 7, 2026

A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function... Moderate Unreviewed

CVE-2026-3663 was published Mar 7, 2026

A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function ota_new_upgrade of... Moderate Unreviewed

CVE-2026-3661 was published Mar 7, 2026

A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the... Moderate Unreviewed

CVE-2026-3662 was published Mar 7, 2026

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all... Unknown Unreviewed

CVE-2026-24308 was published Mar 7, 2026

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2026-2420 was published Mar 7, 2026

The Infomaniak Connect for OpenID plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2026-1824 was published Mar 7, 2026

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP... Unknown Unreviewed

CVE-2026-24281 was published Mar 7, 2026

The Show YouTube video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed

CVE-2026-1825 was published Mar 7, 2026

The Consensus Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed

CVE-2026-1823 was published Mar 7, 2026

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress... Moderate Unreviewed

CVE-2026-2433 was published Mar 7, 2026

The Media Library Alt Text Editor plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2026-1820 was published Mar 7, 2026

It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does... Unknown Unreviewed

CVE-2026-2219 was published Mar 7, 2026

The Carta Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin... Moderate Unreviewed

CVE-2026-1071 was published Mar 7, 2026

The Guardian News Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2026-1087 was published Mar 7, 2026

The WP App Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'app-bar... High Unreviewed

CVE-2026-1074 was published Mar 7, 2026

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient... High Unreviewed

CVE-2025-14675 was published Mar 7, 2026

The DA Media GigList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed

CVE-2026-1805 was published Mar 7, 2026

The Wueen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ... Moderate Unreviewed

CVE-2026-1569 was published Mar 7, 2026

The MyQtip – easy qTip2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed

CVE-2026-1574 was published Mar 7, 2026

The Font Pairing Preview For Landing Pages plugin for WordPress is vulnerable to Cross-Site... Moderate Unreviewed

CVE-2026-1086 was published Mar 7, 2026

The Purchase Button For Affiliate Link plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed

CVE-2026-1073 was published Mar 7, 2026

The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed

CVE-2026-1085 was published Mar 7, 2026

The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to... High Unreviewed

CVE-2025-8899 was published Mar 7, 2026

The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up... High Unreviewed

CVE-2026-2020 was published Mar 7, 2026

Previous1…400 Next

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

292,409 advisories