GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,405
Maven: 5,000+
npm: 5,000+
NuGet: 882
pip: 4,641
Pub: 13
RubyGems: 1,026
Rust: 1,209
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
41,344 advisories
The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is...
Moderate, Unreviewed. CVE-2026-2924 was published Apr 4, 2026.

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross...
Moderate, Unreviewed. CVE-2026-2949 was published Apr 4, 2026.

Hugo: Certain markdown links are not properly escaped
Moderate. CVE-2026-35166 was published for github.com/gohugoio/hugo (Go), Apr 3, 2026.

A security flaw has been discovered in Casdoor 2.356.0. This affects the function...
Moderate, Unreviewed. CVE-2026-5468 was published Apr 3, 2026.

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High, Unreviewed. CVE-2026-27655 was published Apr 3, 2026.

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High, Unreviewed. CVE-2026-3880 was published Apr 3, 2026.

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High, Unreviewed. CVE-2026-3879 was published Apr 3, 2026.

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High, Unreviewed. CVE-2026-4107 was published Apr 3, 2026.

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High, Unreviewed. CVE-2026-4108 was published Apr 3, 2026.

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High, Unreviewed. CVE-2026-28703 was published Apr 3, 2026.

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High, Unreviewed. CVE-2026-28756 was published Apr 3, 2026.

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High, Unreviewed. CVE-2026-28754 was published Apr 3, 2026.

Roundcube Webmail: Insufficient HTML attachment sanitization in preview mode
Moderate. CVE-2026-35539 was published for roundcube/roundcubemail (Composer), Apr 3, 2026.

CI4MS: Profile & User Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Critical. CVE-2026-34989 was published for ci4-cms-erp/ci4ms (Composer), Apr 3, 2026.

D-Tale: Remote Code Execution through redis/shelf storage
Moderate. CVE-2026-35052 was published for dtale (pip), Apr 3, 2026.

Shynet before 0.14.0 allows XSS in urldisplay and iconify template filters,
Moderate, Unreviewed. CVE-2026-35508 was published Apr 3, 2026.

TeleJSON: DOM XSS via unsanitised constructor name in `new Function()`
Low. GHSA-ccgf-5rwj-j3hv was published for telejson (npm), Apr 2, 2026.

XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as...
Moderate, Unreviewed. CVE-2026-35466 was published Apr 2, 2026.

A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen...
Moderate, Unreviewed. CVE-2026-30251 was published Apr 2, 2026.

Multiple reflected cross-site scripting (XSS) vulnerabilities in the login.php endpoint of...
Moderate, Unreviewed. CVE-2026-30252 was published Apr 2, 2026.

Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version...
High, Unreviewed. CVE-2026-5429 was published Apr 2, 2026.

Krayin CRM is vulnerable to Cross-site Scripting (XSS)
Low. CVE-2026-5370 was published for krayin/laravel-crm (Composer), Apr 2, 2026.

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark...
Moderate, Unreviewed. CVE-2026-34818 was published Apr 2, 2026.

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the...
Moderate, Unreviewed. CVE-2026-34822 was published Apr 2, 2026.

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK...
Moderate, Unreviewed. CVE-2026-34819 was published Apr 2, 2026.

ProTip! Advisories are also available from the GraphQL API.