GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
43,476 advisories
Filter by severity
luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated...
High
Unreviewed
CVE-2026-61875
was published
Jul 12, 2026
LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables,...
Critical
Unreviewed
CVE-2026-61876
was published
Jul 12, 2026
A vulnerability was detected in Akpali9 Attendance-Management-System up to...
Moderate
Unreviewed
CVE-2026-15493
was published
Jul 12, 2026
A security vulnerability has been detected in igweze wizgrade up to...
Low
Unreviewed
CVE-2026-15492
was published
Jul 12, 2026
The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Site...
High
Unreviewed
CVE-2026-6939
was published
Jul 11, 2026
The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions...
Moderate
Unreviewed
CVE-2026-15010
was published
Jul 11, 2026
The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable...
Moderate
Unreviewed
CVE-2026-12126
was published
Jul 11, 2026
The White Label CMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin...
Moderate
Unreviewed
CVE-2026-11898
was published
Jul 11, 2026
The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate
Unreviewed
CVE-2026-11591
was published
Jul 11, 2026
The fresh Podcaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate
Unreviewed
CVE-2026-1382
was published
Jul 11, 2026
The Print, PDF, Email by PrintFriendly plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2026-9738
was published
Jul 11, 2026
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross...
High
Unreviewed
CVE-2026-13378
was published
Jul 11, 2026
The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ...
Moderate
Unreviewed
CVE-2026-15097
was published
Jul 11, 2026
The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map...
Moderate
Unreviewed
CVE-2026-15096
was published
Jul 11, 2026
The Starboard Suite Reservation Calendars plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2025-13968
was published
Jul 11, 2026
The SimpLy Gallery Block & Lightbox plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2026-5743
was published
Jul 11, 2026
The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is...
Moderate
Unreviewed
CVE-2026-12141
was published
Jul 11, 2026
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to...
High
Unreviewed
CVE-2026-13114
was published
Jul 11, 2026
The Lockme OAuth2 calendars integration plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2026-3367
was published
Jul 11, 2026
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")...
Unknown
Unreviewed
CVE-2026-58587
was published
Jul 11, 2026
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")...
Unknown
Unreviewed
CVE-2026-58591
was published
Jul 11, 2026
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")...
Unknown
Unreviewed
CVE-2026-58588
was published
Jul 11, 2026
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")...
Unknown
Unreviewed
CVE-2026-55808
was published
Jul 11, 2026
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")...
Unknown
Unreviewed
CVE-2026-15085
was published
Jul 11, 2026
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")...
Unknown
Unreviewed
CVE-2026-15084
was published
Jul 11, 2026
ProTip!
Advisories are also available from the
GraphQL API