GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,904
Maven: 5,000+
npm: 5,000+
NuGet: 967
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,374
Swift: 54

Unreviewed advisories
All unreviewed: 5,000+
159,159 advisories
n8n Vulnerable to LDAP Filter Injection in LDAP Node
Moderate, CVE-2026-33751 was published for n8n (npm), Mar 26, 2026

n8n Vulnerable to XSS via Binary Data Inline HTML Rendering
Moderate, CVE-2026-33749 was published for n8n (npm), Mar 26, 2026

Hydra has Reflected XSS via error_hint parameter
Moderate, CVE-2019-8400 was published for github.com/ory/hydra (Go), May 14, 2022

Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect...
Moderate, Unreviewed, CVE-2026-32541 was published Mar 25, 2026

Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Help Desk js-support...
Moderate, Unreviewed, CVE-2026-32535 was published Mar 25, 2026

The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor...
Moderate, Unreviewed, CVE-2025-15433 was published Mar 26, 2026

The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution...
Moderate, Unreviewed, CVE-2025-15488 was published Mar 26, 2026

The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings...
Moderate, Unreviewed, CVE-2026-1430 was published Mar 26, 2026

The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route,...
Moderate, Unreviewed, CVE-2026-1890 was published Mar 26, 2026

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26...
Moderate, Unreviewed, CVE-2026-28857 was published Mar 25, 2026

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
Moderate, Unreviewed, CVE-2026-20607 was published Mar 25, 2026

SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting...
Moderate, Unreviewed, CVE-2026-28298 was published Mar 26, 2026

HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow...
Moderate, Unreviewed, CVE-2025-55264 was published Mar 26, 2026

A security flaw has been discovered in itsourcecode Payroll Management System up to 1.0. This...
Moderate, Unreviewed, CVE-2026-4877 was published Mar 26, 2026

A vulnerability was identified in itsourcecode Free Hotel Reservation System 1.0. The impacted...
Moderate, Unreviewed, CVE-2026-4876 was published Mar 26, 2026

SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting...
Moderate, Unreviewed, CVE-2026-28297 was published Mar 26, 2026

Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that...
Moderate, Unreviewed, CVE-2018-25215 was published Mar 26, 2026

The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate, Unreviewed, CVE-2026-1032 was published Mar 26, 2026

A flaw was found in polkit. A local user can exploit this by providing a specially crafted,...
Moderate, Unreviewed, CVE-2026-4897 was published Mar 26, 2026

HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for...
Moderate, Unreviewed, CVE-2025-55269 was published Mar 26, 2026

HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue...
Moderate, Unreviewed, CVE-2025-55265 was published Mar 26, 2026

MegaPing contains a local buffer overflow vulnerability that allows local attackers to crash the...
Moderate, Unreviewed, CVE-2018-25214 was published Mar 26, 2026

A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0. The affected...
Moderate, Unreviewed, CVE-2026-4875 was published Mar 26, 2026

AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash...
Moderate, Unreviewed, CVE-2018-25216 was published Mar 26, 2026

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate, Unreviewed, CVE-2026-2389 was published Mar 26, 2026
ProTip! Advisories are also available from the GraphQL API.