GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
- All reviewed: 5,000+
- Composer: 5,000+
- Erlang: 70
- GitHub Actions: 52
- Go: 3,904
- Maven: 5,000+
- npm: 5,000+
- NuGet: 967
- pip: 5,000+
- Pub: 13
- RubyGems: 1,062
- Rust: 1,374
- Swift: 54

Unreviewed advisories
- All unreviewed: 5,000+
159,159 advisories
Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection...
Moderate | Unreviewed | CVE-2026-9673 was published May 28, 2026

A flaw was found in Keycloak, an open-source identity and access management solution. When a user...
Moderate | Unreviewed | CVE-2026-9798 was published May 28, 2026

The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in...
Moderate | Unreviewed | CVE-2026-3173 was published May 28, 2026

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate | Unreviewed | CVE-2026-7533 was published May 28, 2026

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in...
Moderate | Unreviewed | CVE-2026-5737 was published May 28, 2026

A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol...
Moderate | Unreviewed | CVE-2026-9792 was published May 28, 2026

A flaw was found in Keycloak. An authenticated user with existing organization membership can...
Moderate | Unreviewed | CVE-2026-9791 was published May 28, 2026

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2026-9241 was published May 28, 2026

A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is...
Moderate | Unreviewed | CVE-2026-9793 was published May 28, 2026

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure...
Moderate | Unreviewed | CVE-2026-9228 was published May 28, 2026

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability...
Moderate | Unreviewed | CVE-2026-9794 was published May 28, 2026

A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can...
Moderate | Unreviewed | CVE-2026-9796 was published May 28, 2026

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm...
Moderate | Unreviewed | CVE-2026-9801 was published May 28, 2026

A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated...
Moderate | Unreviewed | CVE-2026-9803 was published May 28, 2026

The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2026-9644 was published May 28, 2026

A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session...
Moderate | Unreviewed | CVE-2026-9802 was published May 28, 2026

A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization...
Moderate | Unreviewed | CVE-2026-32591 was published Apr 8, 2026

A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by...
Moderate | Unreviewed | CVE-2026-2377 was published Apr 8, 2026

The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for...
Moderate | Unreviewed | CVE-2026-4888 was published May 28, 2026

GPT-Pilot contains a command injection vulnerability in the Executor.run() method
Moderate | CVE-2026-31246 was published for gpt-pilot (pip) May 11, 2026

mem0 server lacks authentication and authorization controls for its memory creation API endpoint
Moderate | CVE-2026-31245 was published for mem0ai (pip) May 12, 2026

mem0 server lacks authentication and authorization controls for its memory deletion API endpoint
Moderate | CVE-2026-31241 was published for mem0ai (pip) May 12, 2026

Pimcore has a WordExport Authorization Bypass for Unauthorized Document Export
Moderate | CVE-2026-45703 was published for pimcore/pimcore (Composer) May 27, 2026

AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username
Moderate | CVE-2026-45309 was published for asyncssh (pip) May 27, 2026

A stored cross-site scripting (XSS) vulnerability in the /admin/config-module.php component of...
Moderate | Unreviewed | CVE-2026-38931 was published May 27, 2026