GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
55
GitHub Actions
50
Go
3,722
Maven
5,000+
npm
5,000+
NuGet
935
pip
4,946
Pub
13
RubyGems
1,055
Rust
1,338
Swift
54
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
300,993 advisories
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2026-8080
was published
May 7, 2026
Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing...
Moderate
Unreviewed
CVE-2026-6805
was published
May 7, 2026
An improper input validation, together with an overly permissive default CORS configuration in...
High
Unreviewed
CVE-2026-28201
was published
May 7, 2026
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the...
High
Unreviewed
CVE-2026-33588
was published
May 7, 2026
Improper neutralization of input during web page generation ('cross-site scripting')...
High
Unreviewed
CVE-2026-3953
was published
May 7, 2026
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the...
High
Unreviewed
CVE-2026-33589
was published
May 7, 2026
Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute...
Critical
Unreviewed
CVE-2026-33587
was published
May 7, 2026
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared...
High
Unreviewed
CVE-2026-42010
was published
May 7, 2026
Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute...
Critical
Unreviewed
CVE-2026-6508
was published
May 7, 2026
Cross-Site Request Forgery (CSRF) vulnerability in PluginUs.Net BEAR allows Cross Site Request...
Moderate
Unreviewed
CVE-2026-27415
was published
May 7, 2026
Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery.
...
Moderate
Unreviewed
CVE-2025-68604
was published
May 7, 2026
Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist...
Moderate
Unreviewed
CVE-2026-27329
was published
May 7, 2026
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate
Unreviewed
CVE-2026-25468
was published
May 7, 2026
Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting...
Moderate
Unreviewed
CVE-2026-25436
was published
May 7, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2026-27421
was published
May 7, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High
Unreviewed
CVE-2025-68060
was published
May 7, 2026
A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may...
Moderate
Unreviewed
CVE-2026-44407
was published
May 7, 2026
Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly...
Moderate
Unreviewed
CVE-2026-27416
was published
May 7, 2026
ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since...
Moderate
Unreviewed
CVE-2026-44406
was published
May 7, 2026
OS command injection vulnerability in the management gui (maintenance utility) of Hitachi Virtual...
High
Unreviewed
CVE-2025-9661
was published
May 7, 2026
Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in...
High
Unreviewed
CVE-2025-1978
was published
May 7, 2026
A low privileged remote attacker can gain the root password due to improper removal of sensitive...
High
Unreviewed
CVE-2024-43384
was published
May 7, 2026
Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation...
Moderate
Unreviewed
CVE-2025-66105
was published
May 7, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-62127
was published
May 7, 2026
Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual...
Moderate
Unreviewed
CVE-2025-2514
was published
May 7, 2026
ProTip! Advisories are also available from the GraphQL API.