GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,894
Maven: 5,000+
npm: 5,000+
NuGet: 963
pip: 5,000+
Pub: 13
RubyGems: 1,061
Rust: 1,373
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
114,869 advisories
The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable...
High, Unreviewed, CVE-2026-9018 was published May 22, 2026

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter...
High, Unreviewed, CVE-2026-4834 was published May 22, 2026

A malicious actor with access to the network and low privileges could exploit a Path Traversal...
High, Unreviewed, CVE-2026-34911 was published May 22, 2026

Concrete CMS 9.5.0 and below contains a CSRF vulnerability in the install_package() method of...
High, Unreviewed, CVE-2026-8421 was published May 21, 2026

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to ...
High, Unreviewed, CVE-2026-8426 was published May 21, 2026

Concrete CMS 9.5.0 and below emits a CSRF token in the local_available_update.php view ($token-...
High, Unreviewed, CVE-2026-8428 was published May 21, 2026

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to ...
High, Unreviewed, CVE-2026-8417 was published May 21, 2026

Concrete CMS 9.5.0 and below has Stored XSS on the height parameter. The controller does not...
High, Unreviewed, CVE-2026-8203 was published May 21, 2026

Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment...
High, Unreviewed, CVE-2026-8350 was published May 21, 2026

LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update...
High, Unreviewed, CVE-2026-47102 was published May 21, 2026

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to ...
High, Unreviewed, CVE-2026-8140 was published May 21, 2026

Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name. The OAuth...
High, Unreviewed, CVE-2026-8197 was published May 21, 2026

Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure...
High, Unreviewed, CVE-2026-8135 was published May 21, 2026

LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to...
High, Unreviewed, CVE-2026-47101 was published May 21, 2026

IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote...
High, Unreviewed, CVE-2026-47114 was published May 21, 2026

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated...
High, Unreviewed, CVE-2026-46473 was published May 21, 2026

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php...
High, Unreviewed, CVE-2026-48247 was published May 21, 2026

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by...
High, Unreviewed, CVE-2026-48248 was published May 21, 2026

Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by...
High, Unreviewed, CVE-2026-48246 was published May 21, 2026

Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobile_login.inc...
High, Unreviewed, CVE-2026-48249 was published May 21, 2026

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobile_main.php...
High, Unreviewed, CVE-2026-48238 was published May 21, 2026

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the...
High, Unreviewed, CVE-2026-48237 was published May 21, 2026

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loader.php where the...
High, Unreviewed, CVE-2026-48236 was published May 21, 2026

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where...
High, Unreviewed, CVE-2026-48239 was published May 21, 2026

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php...
High, Unreviewed, CVE-2026-48235 was published May 21, 2026
ProTip! Advisories are also available from the GraphQL API.