GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
335,683 advisories
The Geo Mashup plugin for WordPress is vulnerable to authorization bypass in all versions up to,...
Moderate | Unreviewed | CVE-2026-7552 was published May 28, 2026

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction,...
Moderate | Unreviewed | CVE-2026-7651 was published May 28, 2026

A stored cross-site scripting (XSS) vulnerability exists in the notification panel of CTI...
Moderate | Unreviewed | CVE-2026-9806 was published May 28, 2026

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a...
Moderate | Unreviewed | CVE-2024-47096 was published May 28, 2026

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all...
Moderate | Unreviewed | CVE-2026-6427 was published May 28, 2026

A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When...
High | Unreviewed | CVE-2026-44604 was published May 28, 2026

SpiceDB's SPICEDB_DATASTORE_CONN_URI is leaked on startup logs
Moderate | CVE-2026-40091 was published for github.com/authzed/spicedb (Go) Apr 14, 2026

The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote...
High | Unreviewed | CVE-2026-9009 was published May 28, 2026

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in...
High | Unreviewed | CVE-2026-7802 was published May 28, 2026

Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection...
Moderate | Unreviewed | CVE-2026-9673 was published May 28, 2026

A flaw was found in Keycloak, an open-source identity and access management solution. When a user...
Moderate | Unreviewed | CVE-2026-9798 was published May 28, 2026

The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in...
Moderate | Unreviewed | CVE-2026-3173 was published May 28, 2026

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate | Unreviewed | CVE-2026-7533 was published May 28, 2026

A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol...
Moderate | Unreviewed | CVE-2026-9792 was published May 28, 2026

A flaw was found in Keycloak. An authenticated user with existing organization membership can...
Moderate | Unreviewed | CVE-2026-9791 was published May 28, 2026

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2026-9241 was published May 28, 2026

A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is...
Moderate | Unreviewed | CVE-2026-9793 was published May 28, 2026

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure...
Moderate | Unreviewed | CVE-2026-9228 was published May 28, 2026

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability...
Moderate | Unreviewed | CVE-2026-9794 was published May 28, 2026

A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator...
High | Unreviewed | CVE-2026-9795 was published May 28, 2026

A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can...
Moderate | Unreviewed | CVE-2026-9796 was published May 28, 2026

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm...
Moderate | Unreviewed | CVE-2026-9801 was published May 28, 2026

A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated...
Moderate | Unreviewed | CVE-2026-9803 was published May 28, 2026

The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2026-9644 was published May 28, 2026

A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session...
Moderate | Unreviewed | CVE-2026-9802 was published May 28, 2026

ProTip! Advisories are also available from the GraphQL API.