Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

159,176 advisories

Loading
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2026-24938 was published Feb 3, 2026
Missing Authorization vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows... Moderate Unreviewed
CVE-2026-24940 was published Feb 3, 2026
Missing Authorization vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery... Moderate Unreviewed
CVE-2026-24939 was published Feb 3, 2026
Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEvently mage-eventpress... Moderate Unreviewed
CVE-2026-24942 was published Feb 3, 2026
Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio... Moderate Unreviewed
CVE-2026-24947 was published Feb 3, 2026
Django has an SQL Injection issue Moderate
CVE-2026-1312 was published for Django (pip) Feb 3, 2026
sunnypatell Credited to sunnypatell
Moodle has an authorization logic flaw Moderate
CVE-2025-67856 was published for moodle/moodle (Composer) Feb 3, 2026
Moodle vulnerable to Cross-site Scripting Moderate
CVE-2025-67855 was published for moodle/moodle (Composer) Feb 3, 2026
Moodle Inserts Sensitive Information Into Sent Data Moderate
CVE-2025-67857 was published for moodle/moodle (Composer) Feb 3, 2026
Moodle formula injection vulnerability Moderate
CVE-2025-67851 was published for moodle/moodle (Composer) Feb 3, 2026
Stored Cross-Site Scripting (XSS) vulnerability type in LUNA software v7.5.5.6. This... Moderate Unreviewed
CVE-2025-41065 was published Feb 3, 2026
Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the... Moderate Unreviewed
CVE-2026-1591 was published Feb 3, 2026
Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the... Moderate Unreviewed
CVE-2026-1592 was published Feb 3, 2026
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2026-1371 was published Feb 3, 2026
For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the... Moderate Unreviewed
CVE-2026-24449 was published Feb 3, 2026
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2026-1210 was published Feb 3, 2026
The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... Moderate Unreviewed
CVE-2026-1447 was published Feb 3, 2026
Cross-site request forgery vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. If a user... Moderate Unreviewed
CVE-2026-20704 was published Feb 3, 2026
A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with... Moderate Unreviewed
CVE-2025-58381 was published Feb 3, 2026
A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with... Moderate Unreviewed
CVE-2025-58380 was published Feb 3, 2026
The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2025-14274 was published Feb 3, 2026
The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is... Moderate Unreviewed
CVE-2026-0950 was published Feb 3, 2026
The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all... Moderate Unreviewed
CVE-2026-0909 was published Feb 3, 2026
: Out-of-bounds Write vulnerability in Xquic Project Xquic Server xquic on Linux (QUIC protocol... Moderate Unreviewed
CVE-2026-1788 was published Feb 3, 2026
A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the... Moderate Unreviewed
CVE-2026-24935 was published Feb 3, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database