GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,405
Maven: 5,000+
npm: 5,000+
NuGet: 882
pip: 4,641
Pub: 13
RubyGems: 1,026
Rust: 1,209
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
3,600 advisories
AVideo Vulnerable to Reflected XSS via Unsanitized plugin Parameter in YPTWallet Stripe Payment Page
High. CVE-2026-34375 was published for wwbn/avideo (Composer), Mar 30, 2026

Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
High. CVE-2026-33941 was published for handlebars (npm), Mar 27, 2026

Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk)
High. CVE-2026-33979 was published for express-xss-sanitizer (npm), Mar 27, 2026

The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves SVG files with the 'image/svg...
High. Unreviewed. CVE-2026-5026 was published Mar 27, 2026

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High. Unreviewed. CVE-2026-3457 was published Mar 27, 2026

LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write
High. GHSA-pr3g-phhr-h8fh was published for librenms/librenms (Composer), Mar 26, 2026

The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple...
High. Unreviewed. CVE-2026-2231 was published Mar 26, 2026

WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the...
High. Unreviewed. CVE-2018-25210 was published Mar 26, 2026

The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
High. Unreviewed. CVE-2026-4329 was published Mar 26, 2026

MantisBT has Stored HTML Injection/XSS when displaying Tags in Timeline
High. CVE-2026-33548 was published for mantisbt/mantisbt (Composer), Mar 25, 2026

MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation
High. CVE-2026-33517 was published for mantisbt/mantisbt (Composer), Mar 25, 2026

PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables
High. CVE-2026-33673 was published for prestashop/prestashop (Composer), Mar 25, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High. Unreviewed. CVE-2026-32545 was published Mar 25, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High. Unreviewed. CVE-2026-32544 was published Mar 25, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High. Unreviewed. CVE-2026-32517 was published Mar 25, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High. Unreviewed. CVE-2026-32542 was published Mar 25, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High. Unreviewed. CVE-2026-32540 was published Mar 25, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High. Unreviewed. CVE-2026-32518 was published Mar 25, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High. Unreviewed. CVE-2026-32526 was published Mar 25, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High. Unreviewed. CVE-2026-32528 was published Mar 25, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High. Unreviewed. CVE-2026-32532 was published Mar 25, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High. Unreviewed. CVE-2026-32529 was published Mar 25, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High. Unreviewed. CVE-2026-27088 was published Mar 25, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High. Unreviewed. CVE-2026-27087 was published Mar 25, 2026

GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9...
High. Unreviewed. CVE-2026-2995 was published Mar 25, 2026

ProTip! Advisories are also available from the GraphQL API.