GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 30,937
Composer 5,855
Erlang 70
GitHub Actions 52
Go 3,894
Maven 6,588
npm 6,288
NuGet 963
pip 5,143
Pub 13
RubyGems 1,061
Rust 1,373
Swift 54

Unreviewed advisories

All unreviewed 303,299

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

145,165 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration... Moderate Unreviewed

CVE-2026-44409 was published May 22, 2026

The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due... Moderate Unreviewed

CVE-2026-7249 was published May 22, 2026

The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin... Moderate Unreviewed

CVE-2026-7509 was published May 22, 2026

Mothra would respect a default value given by a website for HTML file upload forms. An attacker... Moderate Unreviewed

CVE-2026-9053 was published May 22, 2026

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2026-4070 was published May 22, 2026

The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site... Moderate Unreviewed

CVE-2026-6864 was published May 22, 2026

The FastX theme for WordPress is vulnerable to unauthorized limited plugin installation and... Moderate Unreviewed

CVE-2026-2518 was published May 22, 2026

The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2026-3481 was published May 22, 2026

Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would... Moderate Unreviewed

CVE-2026-8337 was published May 22, 2026

Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML... Moderate Unreviewed

CVE-2026-8245 was published May 22, 2026

In Concrete CMS 9.5.0 and below, the submit_password() method in concrete/controllers... Moderate Unreviewed

CVE-2026-7879 was published May 22, 2026

Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference (IDOR) in the Express... Moderate Unreviewed

CVE-2026-7881 was published May 22, 2026

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The `/ccm/frontend/conversations... Moderate Unreviewed

CVE-2026-8237 was published May 22, 2026

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/message_page... Moderate Unreviewed

CVE-2026-8238 was published May 22, 2026

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/get_rating'... Moderate Unreviewed

CVE-2026-8239 was published May 22, 2026

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across... Moderate Unreviewed

CVE-2026-8240 was published May 22, 2026

Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and... Moderate Unreviewed

CVE-2026-8327 was published May 22, 2026

Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a missing authentication gate.... Moderate Unreviewed

CVE-2026-8236 was published May 22, 2026

Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template... Moderate Unreviewed

CVE-2026-22678 was published May 22, 2026

Simple Hierarchical Select (SHS) for Drupal 7 contains cross-site scripting risk due to improper... Moderate Unreviewed

CVE-2026-4929 was published May 22, 2026

In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter... Moderate Unreviewed

CVE-2026-4093 was published May 22, 2026

Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since... Moderate Unreviewed

CVE-2026-8205 was published May 21, 2026

Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend... Moderate Unreviewed

CVE-2026-8204 was published May 21, 2026

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure via missing... Moderate Unreviewed

CVE-2026-6826 was published May 21, 2026

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due... Moderate Unreviewed

CVE-2026-4843 was published May 21, 2026

Previous1…400 Next

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

145,165 advisories