GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,193
Erlang: 25
GitHub Actions: 39
Go: 2,385
Maven: 3,027
npm: 3,078
NuGet: 529
pip: 2,897
Pub: 5
RubyGems: 442
Rust: 905
Swift: 20
Unreviewed advisories
All unreviewed: 5,000+
24,963 advisories
The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2026-3361 was published Apr 23, 2026
The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is...
Moderate | Unreviewed | CVE-2026-2951 was published Apr 23, 2026
The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2026-1923 was published Apr 23, 2026
IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability...
Moderate | Unreviewed | CVE-2026-4919 was published Apr 23, 2026
IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This...
Moderate | Unreviewed | CVE-2026-4918 was published Apr 23, 2026
OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender
Moderate | GHSA-ffq5-qpvf-xq7x was published for openc3 (RubyGems) Apr 22, 2026
An authenticated attacker can persist crafted values in multiple field types and trigger client...
Moderate | Unreviewed | CVE-2026-3837 was published Apr 22, 2026
An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript...
Moderate | Unreviewed | CVE-2026-3673 was published Apr 22, 2026
The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style'...
Moderate | Unreviewed | CVE-2026-3998 was published Apr 22, 2026
The Coachific Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2026-4005 was published Apr 22, 2026
The Power Charts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2026-4011 was published Apr 22, 2026
The Quick Interest Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
High | Unreviewed | CVE-2026-5694 was published Apr 22, 2026
The WP Circliful plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id'...
Moderate | Unreviewed | CVE-2026-3659 was published Apr 22, 2026
The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API...
High | Unreviewed | CVE-2026-3643 was published Apr 22, 2026
The VI: Include Post By plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2026-5717 was published Apr 22, 2026
The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2026-2396 was published Apr 22, 2026
The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable...
High | Unreviewed | CVE-2026-2834 was published Apr 22, 2026
justhtml has sanitization bypass in custom policies and programmatic DOM
Moderate | GHSA-vrx2-77f2-ww34 was published for justhtml (pip) Apr 22, 2026
locize Client SDK: Cross-origin DOM XSS & Handler Hijack Through Missing e.origin Validation in InContext Editor
High | GHSA-w937-fg2h-xhq2 was published for locize (npm) Apr 22, 2026
i18next-http-middleware: HTTP response splitting and DoS via unsanitised Content-Language header
High | CVE-2026-41683 was published for i18next-http-middleware (npm) Apr 22, 2026
Marko: XSS via case-insensitive script/style closing tag bypass in runtime HTML escaping
Moderate | CVE-2026-41591 was published for @marko/runtime-tags (npm) Apr 22, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6,...
High | Unreviewed | CVE-2026-5262 was published Apr 22, 2026
A reflected cross-site scripting (XSS) vulnerability in the AdvancedSearch functionality of...
Moderate | Unreviewed | CVE-2026-30139 was published Apr 22, 2026
Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows...
Moderate | Unreviewed | CVE-2024-58344 was published Apr 22, 2026
ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject...
Moderate | Unreviewed | CVE-2018-25269 was published Apr 22, 2026
ProTip! Advisories are also available from the GraphQL API.