GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 50
Go: 3,599
Maven: 5,000+
npm: 5,000+
NuGet: 924
pip: 4,828
Pub: 13
RubyGems: 1,045
Rust: 1,256
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
143,252 advisories
CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnerability in the AI...
Moderate | Unreviewed | CVE-2026-41472 was published Apr 24, 2026

A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low...
Moderate | Unreviewed | CVE-2025-67259 was published Apr 24, 2026

In Mahara before 24.04.10 and 25 before 25.04.1, an institution administrator or institution...
Moderate | Unreviewed | CVE-2025-59308 was published Apr 24, 2026

bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection...
Moderate | Unreviewed | CVE-2026-42095 was published Apr 24, 2026

When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a...
Moderate | Unreviewed | CVE-2026-5265 was published Apr 24, 2026

Mahara before 25.04.2 and 24.04.11 are vulnerable to displaying results that can trigger XSS via...
Moderate | Unreviewed | CVE-2025-61872 was published Apr 24, 2026

The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user...
Moderate | Unreviewed | CVE-2026-40690 was published Apr 24, 2026

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in...
Moderate | Unreviewed | CVE-2026-38743 was published Apr 24, 2026

Cross Site Scripting vulnerability in Hostbill v.2025-11-24 and 2025-12-01 allows a remote...
Moderate | Unreviewed | CVE-2026-31050 was published Apr 24, 2026

An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of...
Moderate | Unreviewed | CVE-2026-31052 was published Apr 24, 2026

Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This...
Moderate | Unreviewed | CVE-2025-62233 was published Apr 24, 2026

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate | Unreviewed | CVE-2026-41043 was published Apr 24, 2026

The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-11762 was published Apr 24, 2026

The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to...
Moderate | Unreviewed | CVE-2026-3565 was published Apr 24, 2026

The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all...
Moderate | Unreviewed | CVE-2026-3569 was published Apr 24, 2026

The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple...
Moderate | Unreviewed | CVE-2026-4078 was published Apr 24, 2026

The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up...
Moderate | Unreviewed | CVE-2026-5347 was published Apr 24, 2026

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate | Unreviewed | CVE-2026-5428 was published Apr 24, 2026

The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2026-5488 was published Apr 24, 2026

The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and...
Moderate | Unreviewed | CVE-2026-6393 was published Apr 24, 2026

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object...
Moderate | Unreviewed | CVE-2026-6810 was published Apr 24, 2026

The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to...
Moderate | Unreviewed | CVE-2026-2028 was published Apr 24, 2026

A vulnerability in the browser-based remote management interface may allow an administrator to...
Moderate | Unreviewed | CVE-2026-1789 was published Apr 24, 2026

A vulnerability exists in SenseLive X3050’s web management interface due to improper session...
Moderate | Unreviewed | CVE-2026-25720 was published Apr 24, 2026

In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the...
Moderate | Unreviewed | CVE-2026-29197 was published Apr 24, 2026
ProTip! Advisories are also available from the GraphQL API.