GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,405
Maven: 5,000+
npm: 5,000+
NuGet: 882
pip: 4,641
Pub: 13
RubyGems: 1,026
Rust: 1,209
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
3,006 advisories
The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site...
High | Unreviewed | CVE-2026-2936 was published Apr 4, 2026
The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site...
High | Unreviewed | CVE-2026-5425 was published Apr 4, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High | Unreviewed | CVE-2026-27655 was published Apr 3, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High | Unreviewed | CVE-2026-3880 was published Apr 3, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High | Unreviewed | CVE-2026-3879 was published Apr 3, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High | Unreviewed | CVE-2026-4108 was published Apr 3, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High | Unreviewed | CVE-2026-4107 was published Apr 3, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High | Unreviewed | CVE-2026-28703 was published Apr 3, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High | Unreviewed | CVE-2026-28756 was published Apr 3, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in...
High | Unreviewed | CVE-2026-28754 was published Apr 3, 2026
Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version...
High | Unreviewed | CVE-2026-5429 was published Apr 2, 2026
A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an...
High | Unreviewed | CVE-2026-2737 was published Apr 2, 2026
A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the...
High | Unreviewed | CVE-2026-3877 was published Apr 1, 2026
Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) before 2.5.0b2 allows...
High | Unreviewed | CVE-2026-20915 was published Mar 31, 2026
Stored cross-site scripting (XSS) in Checkmk 2.5.0 (beta) before 2.5.0b2 allows authenticated...
High | Unreviewed | CVE-2026-33276 was published Mar 31, 2026
A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA...
High | Unreviewed | CVE-2025-10551 was published Mar 31, 2026
A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA...
High | Unreviewed | CVE-2025-10553 was published Mar 31, 2026
The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves SVG files with the 'image/svg...
High | Unreviewed | CVE-2026-5026 was published Mar 27, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High | Unreviewed | CVE-2026-3457 was published Mar 27, 2026
The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple...
High | Unreviewed | CVE-2026-2231 was published Mar 26, 2026
WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the...
High | Unreviewed | CVE-2018-25210 was published Mar 26, 2026
The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
High | Unreviewed | CVE-2026-4329 was published Mar 26, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2026-32545 was published Mar 25, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2026-32544 was published Mar 25, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2026-32542 was published Mar 25, 2026
ProTip! Advisories are also available from the GraphQL API.