Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

42,538 advisories

Loading
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... High Unreviewed
CVE-2026-7634 was published May 28, 2026
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2026-4334 was published May 28, 2026
The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via... Moderate Unreviewed
CVE-2026-7660 was published May 28, 2026
A stored cross-site scripting (XSS) vulnerability exists in the notification panel of CTI... Moderate Unreviewed
CVE-2026-9806 was published May 28, 2026
Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a... Moderate Unreviewed
CVE-2024-47097 was published May 28, 2026
Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a... Moderate Unreviewed
CVE-2024-47096 was published May 28, 2026
The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable... High Unreviewed
CVE-2026-7052 was published May 28, 2026
The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all... Moderate Unreviewed
CVE-2026-6427 was published May 28, 2026
The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2026-9644 was published May 28, 2026
The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting... High Unreviewed
CVE-2026-2374 was published May 28, 2026
Symfony Vulnerable to stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering Low
CVE-2026-45072 was published for symfony/symfony (Composer) May 27, 2026
A stored cross-site scripting (XSS) vulnerability in the /admin/config-module.php component of... Moderate Unreviewed
CVE-2026-38931 was published May 27, 2026
Kirby CMS vulnerable to cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend High
CVE-2026-45368 was published for getkirby/cms (Composer) May 27, 2026
offset Credited to offset
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2026-49044 was published May 27, 2026
Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed... Moderate Unreviewed
CVE-2026-49102 was published May 27, 2026
Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a... Moderate Unreviewed
CVE-2026-48927 was published May 27, 2026
Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows... Moderate Unreviewed
CVE-2026-47119 was published May 27, 2026
IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0,... Moderate Unreviewed
CVE-2025-3633 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2026-42751 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2026-42750 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-42754 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-42759 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-42762 was published May 27, 2026
The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2026-2288 was published May 27, 2026
The rexCrawler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin... Moderate Unreviewed
CVE-2026-2280 was published May 27, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database