Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,405
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,641
Pub
13
RubyGems
1,026
Rust
1,209
Swift
53
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

3,006 advisories

Loading
The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable... High Unreviewed
CVE-2026-3231 was published Mar 11, 2026
The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... High Unreviewed
CVE-2026-3178 was published Mar 11, 2026
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable... High Unreviewed
CVE-2026-1454 was published Mar 11, 2026
The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before... High Unreviewed
CVE-2026-2466 was published Mar 11, 2026
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and... High Unreviewed
CVE-2026-21361 was published Mar 11, 2026
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and... High Unreviewed
CVE-2026-21311 was published Mar 11, 2026
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and... High Unreviewed
CVE-2026-21284 was published Mar 11, 2026
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and... High Unreviewed
CVE-2026-21290 was published Mar 11, 2026
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that... High Unreviewed
CVE-2026-2266 was published Mar 10, 2026
The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site... High Unreviewed
CVE-2026-2724 was published Mar 10, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft... High Unreviewed
CVE-2026-26144 was published Mar 10, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft... High Unreviewed
CVE-2026-26105 was published Mar 10, 2026
The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz... High Unreviewed
CVE-2026-1261 was published Mar 10, 2026
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was... High Unreviewed
CVE-2025-70038 was published Mar 9, 2026
The WP App Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'app-bar... High Unreviewed
CVE-2026-1074 was published Mar 7, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-28112 was published Mar 5, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-28122 was published Mar 5, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-28109 was published Mar 5, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-28113 was published Mar 5, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-28130 was published Mar 5, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-28127 was published Mar 5, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-28110 was published Mar 5, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-28137 was published Mar 5, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-28126 was published Mar 5, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-28102 was published Mar 5, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database