GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,405
Maven: 5,000+
npm: 5,000+
NuGet: 882
pip: 4,641
Pub: 13
RubyGems: 1,026
Rust: 1,209
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
3,600 advisories
Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that...
High | Unreviewed | CVE-2019-25676 was published Apr 5, 2026

The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site...
High | Unreviewed | CVE-2026-2936 was published Apr 4, 2026

The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site...
High | Unreviewed | CVE-2026-5425 was published Apr 4, 2026

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High | Unreviewed | CVE-2026-27655 was published Apr 3, 2026

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High | Unreviewed | CVE-2026-28703 was published Apr 3, 2026

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High | Unreviewed | CVE-2026-28756 was published Apr 3, 2026

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High | Unreviewed | CVE-2026-28754 was published Apr 3, 2026

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High | Unreviewed | CVE-2026-3880 was published Apr 3, 2026

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High | Unreviewed | CVE-2026-3879 was published Apr 3, 2026

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High | Unreviewed | CVE-2026-4108 was published Apr 3, 2026

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High | Unreviewed | CVE-2026-4107 was published Apr 3, 2026

A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the...
High | Unreviewed | CVE-2026-3877 was published Apr 1, 2026

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in...
High | Unreviewed | CVE-2025-43338 was published Nov 4, 2025

Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version...
High | Unreviewed | CVE-2026-5429 was published Apr 2, 2026

A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an...
High | Unreviewed | CVE-2026-2737 was published Apr 2, 2026

Stored cross-site scripting (XSS) in Checkmk 2.5.0 (beta) before 2.5.0b2 allows authenticated...
High | Unreviewed | CVE-2026-33276 was published Mar 31, 2026

Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) before 2.5.0b2 allows...
High | Unreviewed | CVE-2026-20915 was published Mar 31, 2026

dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration
High | CVE-2026-34725 was published for dbgate-web (npm) Apr 1, 2026

@payloadcms/next has Stored XSS in Admin Panel
High | CVE-2026-34748 was published for @payloadcms/next (npm) Apr 1, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2024-43334 was published Jul 7, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-39539 was published Jun 9, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-25121 was published Mar 3, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-22794 was published Feb 4, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2024-56056 was published Jan 7, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-24694 was published Mar 3, 2025
ProTip! Advisories are also available from the GraphQL API.