GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,904
Maven: 5,000+
npm: 5,000+
NuGet: 967
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,374
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
3,742 advisories
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
High | Unreviewed | CVE-2026-7634 was published May 28, 2026
The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable...
High | Unreviewed | CVE-2026-7052 was published May 28, 2026
The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
High | Unreviewed | CVE-2026-2374 was published May 28, 2026
Kirby CMS vulnerable to cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend
High | CVE-2026-45368 was published for getkirby/cms (Composer) May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2026-42754 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2026-42759 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2026-42762 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2026-42728 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2026-42733 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2026-42729 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2026-42738 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2026-42734 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2026-42739 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-22741 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-52747 was published May 27, 2026
The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
High | Unreviewed | CVE-2026-8143 was published May 27, 2026
The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp...
High | Unreviewed | CVE-2026-3375 was published May 27, 2026
The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the...
High | Unreviewed | CVE-2026-6268 was published May 27, 2026
Kirby CMS vulnerable to cross-site scripting (XSS) from list field content in the site frontend
High | CVE-2026-44175 was published for getkirby/cms (Composer) May 26, 2026
Typebot has Stored XSS via Rating Block Custom Icon that Bypasses isUnsafe Sandbox in Builder Preview
High | CVE-2026-28445 was published for @typebot.io/js (npm) May 26, 2026
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization...
High | Unreviewed | CVE-2026-48848 was published May 26, 2026
Concrete CMS 9.5.0 and below has Stored XSS on the height parameter. The controller does not...
High | Unreviewed | CVE-2026-8203 was published May 21, 2026
Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name. The OAuth...
High | Unreviewed | CVE-2026-8197 was published May 21, 2026
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting...
High | Unreviewed | CVE-2026-9144 was published May 20, 2026
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site...
High | Unreviewed | CVE-2026-7613 was published May 20, 2026