GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,894
Maven: 5,000+
npm: 5,000+
NuGet: 963
pip: 5,000+
Pub: 13
RubyGems: 1,061
Rust: 1,373
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
145,157 advisories
Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would...
Moderate | Unreviewed | CVE-2026-8337 was published May 22, 2026
Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML...
Moderate | Unreviewed | CVE-2026-8245 was published May 22, 2026
In Concrete CMS 9.5.0 and below, the submit_password() method in concrete/controllers...
Moderate | Unreviewed | CVE-2026-7879 was published May 22, 2026
Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference (IDOR) in the Express...
Moderate | Unreviewed | CVE-2026-7881 was published May 22, 2026
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The `/ccm/frontend/conversations...
Moderate | Unreviewed | CVE-2026-8237 was published May 22, 2026
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/message_page...
Moderate | Unreviewed | CVE-2026-8238 was published May 22, 2026
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/get_rating'...
Moderate | Unreviewed | CVE-2026-8239 was published May 22, 2026
Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across...
Moderate | Unreviewed | CVE-2026-8240 was published May 22, 2026
Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a missing authentication gate....
Moderate | Unreviewed | CVE-2026-8236 was published May 22, 2026
Concrete CMS 9.5.0 and below is vulnerable to password change without reauthorization and...
Moderate | Unreviewed | CVE-2026-8327 was published May 22, 2026
In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter...
Moderate | Unreviewed | CVE-2026-4093 was published May 22, 2026
Simple Hierarchical Select (SHS) for Drupal 7 contains cross-site scripting risk due to improper...
Moderate | Unreviewed | CVE-2026-4929 was published May 22, 2026
Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template...
Moderate | Unreviewed | CVE-2026-22678 was published May 22, 2026
Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since...
Moderate | Unreviewed | CVE-2026-8205 was published May 21, 2026
Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Event Frontend...
Moderate | Unreviewed | CVE-2026-8204 was published May 21, 2026
Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure via missing...
Moderate | Unreviewed | CVE-2026-6826 was published May 21, 2026
The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due...
Moderate | Unreviewed | CVE-2026-4843 was published May 21, 2026
Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in settings.inc.php that...
Moderate | Unreviewed | CVE-2026-48244 was published May 21, 2026
Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in tables.php that is...
Moderate | Unreviewed | CVE-2026-48245 was published May 21, 2026
Open ISES Tickets before 3.44.2 embeds a hardcoded WhitePages reverse-phone API key in wp1.php...
Moderate | Unreviewed | CVE-2026-48243 was published May 21, 2026
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics214...
Moderate | Unreviewed | CVE-2026-48224 was published May 21, 2026
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in...
Moderate | Unreviewed | CVE-2026-48223 was published May 21, 2026
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in...
Moderate | Unreviewed | CVE-2026-48217 was published May 21, 2026
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in...
Moderate | Unreviewed | CVE-2026-48226 was published May 21, 2026
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in...
Moderate | Unreviewed | CVE-2026-48227 was published May 21, 2026
ProTip! Advisories are also available from the GraphQL API.