GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,405
Maven: 5,000+
npm: 5,000+
NuGet: 882
pip: 4,641
Pub: 13
RubyGems: 1,026
Rust: 1,209
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
35,636 advisories
Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform...
Moderate | Unreviewed | CVE-2016-20054 was published Apr 4, 2026
MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to...
Moderate | Unreviewed | CVE-2018-25247 was published Apr 4, 2026
MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting vulnerability that allows...
Moderate | Unreviewed | CVE-2018-25249 was published Apr 4, 2026
MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows...
Moderate | Unreviewed | CVE-2018-25248 was published Apr 4, 2026
MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting...
Moderate | Unreviewed | CVE-2018-25250 was published Apr 4, 2026
The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin...
Moderate | Unreviewed | CVE-2026-0626 was published Apr 4, 2026
The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross...
Moderate | Unreviewed | CVE-2025-13368 was published Apr 4, 2026
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction &...
Moderate | Unreviewed | CVE-2025-15064 was published Apr 4, 2026
The Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate | Unreviewed | CVE-2026-0552 was published Apr 4, 2026
The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2026-0664 was published Apr 4, 2026
The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross...
Moderate | Unreviewed | CVE-2026-0738 was published Apr 4, 2026
The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross...
Moderate | Unreviewed | CVE-2026-0737 was published Apr 4, 2026
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is...
Moderate | Unreviewed | CVE-2026-2437 was published Apr 4, 2026
The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross...
Moderate | Unreviewed | CVE-2026-2600 was published Apr 4, 2026
The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is...
Moderate | Unreviewed | CVE-2026-2924 was published Apr 4, 2026
The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross...
Moderate | Unreviewed | CVE-2026-2949 was published Apr 4, 2026
Hugo: Certain markdown links are not properly escaped
Moderate | CVE-2026-35166 was published for github.com/gohugoio/hugo (Go) Apr 3, 2026
A security flaw has been discovered in Casdoor 2.356.0. This affects the function...
Moderate | Unreviewed | CVE-2026-5468 was published Apr 3, 2026
Roundcube Webmail: Insufficient HTML attachment sanitization in preview mode
Moderate | CVE-2026-35539 was published for roundcube/roundcubemail (Composer) Apr 3, 2026
D-Tale: Remote Code Execution through redis/shelf storage
Moderate | CVE-2026-35052 was published for dtale (pip) Apr 3, 2026
Shynet before 0.14.0 allows XSS in urldisplay and iconify template filters,
Moderate | Unreviewed | CVE-2026-35508 was published Apr 3, 2026
XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as...
Moderate | Unreviewed | CVE-2026-35466 was published Apr 2, 2026
A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen...
Moderate | Unreviewed | CVE-2026-30251 was published Apr 2, 2026
Multiple reflected cross-site scripting (XSS) vulnerabilities in the login.php endpoint of...
Moderate | Unreviewed | CVE-2026-30252 was published Apr 2, 2026
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the...
Moderate | Unreviewed | CVE-2026-34822 was published Apr 2, 2026
ProTip! Advisories are also available from the GraphQL API.