GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 5,000+
  Erlang: 49
  GitHub Actions: 49
  Go: 3,405
  Maven: 5,000+
  npm: 5,000+
  NuGet: 882
  pip: 4,641
  Pub: 13
  RubyGems: 1,026
  Rust: 1,209
  Swift: 53
Unreviewed advisories
  All unreviewed: 5,000+
3,598 advisories
The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site...
  High | Unreviewed | CVE-2026-5425 was published Apr 4, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
  High | Unreviewed | CVE-2026-27655 was published Apr 3, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
  High | Unreviewed | CVE-2026-3880 was published Apr 3, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
  High | Unreviewed | CVE-2026-3879 was published Apr 3, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
  High | Unreviewed | CVE-2026-4107 was published Apr 3, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
  High | Unreviewed | CVE-2026-4108 was published Apr 3, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
  High | Unreviewed | CVE-2026-28703 was published Apr 3, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
  High | Unreviewed | CVE-2026-28756 was published Apr 3, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
  High | Unreviewed | CVE-2026-28754 was published Apr 3, 2026
Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version...
  High | Unreviewed | CVE-2026-5429 was published Apr 2, 2026
A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an...
  High | Unreviewed | CVE-2026-2737 was published Apr 2, 2026
dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration
  High | CVE-2026-34725 was published for dbgate-web (npm) Apr 1, 2026
@payloadcms/next has Stored XSS in Admin Panel
  High | CVE-2026-34748 was published for @payloadcms/next (npm) Apr 1, 2026
A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the...
  High | Unreviewed | CVE-2026-3877 was published Apr 1, 2026
SiYuan vulnerable to reflected XSS via SVG namespace prefix bypass in SanitizeSVG (getDynamicIcon, unauthenticated)
  High | CVE-2026-34605 was published for github.com/siyuan-note/siyuan/kernel (Go) Apr 1, 2026
YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter"
  High | CVE-2026-34598 was published for yeswiki/yeswiki (Composer) Apr 1, 2026
SiYuan Desktop: Stored XSS in imported .sy.zip content leads to arbitrary command execution
  High | CVE-2026-34585 was published for github.com/siyuan-note/siyuan/kernel (Go) Apr 1, 2026
File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file
  High | CVE-2026-34529 was published for github.com/filebrowser/filebrowser/v2 (Go) Mar 31, 2026
baserCMS is Vulnerable to Cross-site Scripting
  High | CVE-2026-32734 was published for baserproject/basercms (Composer) Mar 31, 2026
Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) before 2.5.0b2 allows...
  High | Unreviewed | CVE-2026-20915 was published Mar 31, 2026
Stored cross-site scripting (XSS) in Checkmk 2.5.0 (beta) before 2.5.0b2 allows authenticated...
  High | Unreviewed | CVE-2026-33276 was published Mar 31, 2026
A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA...
  High | Unreviewed | CVE-2025-10551 was published Mar 31, 2026
A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA...
  High | Unreviewed | CVE-2025-10553 was published Mar 31, 2026
AVideo Vulnerable to Reflected XSS via Unsanitized plugin Parameter in YPTWallet Stripe Payment Page
  High | CVE-2026-34375 was published for wwbn/avideo (Composer) Mar 30, 2026
Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
  High | CVE-2026-33941 was published for handlebars (npm) Mar 27, 2026
ProTip! Advisories are also available from the GraphQL API