GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 31,043
Composer 5,887
Erlang 70
GitHub Actions 52
Go 3,904
Maven 6,602
npm 6,308
NuGet 967
pip 5,167
Pub 13
RubyGems 1,062
Rust 1,374
Swift 54

Unreviewed advisories

All unreviewed 304,499

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

36,584 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2026-4334 was published May 28, 2026

The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via... Moderate Unreviewed

CVE-2026-7660 was published May 28, 2026

A stored cross-site scripting (XSS) vulnerability exists in the notification panel of CTI... Moderate Unreviewed

CVE-2026-9806 was published May 28, 2026

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a... Moderate Unreviewed

CVE-2024-47097 was published May 28, 2026

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a... Moderate Unreviewed

CVE-2024-47096 was published May 28, 2026

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all... Moderate Unreviewed

CVE-2026-6427 was published May 28, 2026

The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2026-9644 was published May 28, 2026

A stored cross-site scripting (XSS) vulnerability in the /admin/config-module.php component of... Moderate Unreviewed

CVE-2026-38931 was published May 27, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2026-49044 was published May 27, 2026

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed... Moderate Unreviewed

CVE-2026-49102 was published May 27, 2026

Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a... Moderate Unreviewed

CVE-2026-48927 was published May 27, 2026

Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows... Moderate Unreviewed

CVE-2026-47119 was published May 27, 2026

IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0,... Moderate Unreviewed

CVE-2025-3633 was published May 27, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2026-42751 was published May 27, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2026-42750 was published May 27, 2026

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting... Moderate Unreviewed

CVE-2026-3349 was published May 27, 2026

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2026-3348 was published May 27, 2026

The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2026-2288 was published May 27, 2026

The rexCrawler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin... Moderate Unreviewed

CVE-2026-2280 was published May 27, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2026-48968 was published May 27, 2026

Improper neutralization of input during web page generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-10466 was published May 27, 2026

Improper neutralization of input during web page generation ('Cross-site Scripting')... Moderate Unreviewed

CVE-2025-13167 was published May 27, 2026

The Github Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2026-8042 was published May 27, 2026

The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's'... Moderate Unreviewed

CVE-2026-3001 was published May 27, 2026

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed

CVE-2026-2030 was published May 27, 2026

Previous1…400 Next

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

36,584 advisories