GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 31,043
Composer 5,887
Erlang 70
GitHub Actions 52
Go 3,904
Maven 6,602
npm 6,308
NuGet 967
pip 5,167
Pub 13
RubyGems 1,062
Rust 1,374
Swift 54

Unreviewed advisories

All unreviewed 304,472

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

335,515 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm... Moderate Unreviewed

CVE-2026-9801 was published May 28, 2026

A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated... Moderate Unreviewed

CVE-2026-9803 was published May 28, 2026

A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session... Moderate Unreviewed

CVE-2026-9802 was published May 28, 2026

A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol... Moderate Unreviewed

CVE-2026-9792 was published May 28, 2026

A flaw was found in Keycloak. An authenticated user with existing organization membership can... Moderate Unreviewed

CVE-2026-9791 was published May 28, 2026

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2026-9241 was published May 28, 2026

A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is... Moderate Unreviewed

CVE-2026-9793 was published May 28, 2026

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure... Moderate Unreviewed

CVE-2026-9228 was published May 28, 2026

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability... Moderate Unreviewed

CVE-2026-9794 was published May 28, 2026

The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote... High Unreviewed

CVE-2026-9009 was published May 28, 2026

A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator... High Unreviewed

CVE-2026-9795 was published May 28, 2026

A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can... Moderate Unreviewed

CVE-2026-9796 was published May 28, 2026

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in... High Unreviewed

CVE-2026-7802 was published May 28, 2026

Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection... Moderate Unreviewed

CVE-2026-9673 was published May 28, 2026

A flaw was found in Keycloak, an open-source identity and access management solution. When a user... Moderate Unreviewed

CVE-2026-9798 was published May 28, 2026

The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in... Moderate Unreviewed

CVE-2026-3173 was published May 28, 2026

The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2026-9644 was published May 28, 2026

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed

CVE-2026-7533 was published May 28, 2026

This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation. High Unreviewed

CVE-2026-32996 was published May 28, 2026

The Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8.4.2, <8.3.4, <8... High Unreviewed

CVE-2026-32995 was published May 28, 2026

A vulnerability allowing an authenticated user with the Backup Administrator role to write... High Unreviewed

CVE-2026-32997 was published May 28, 2026

This vulnerability in Veeam Service Provider Console allows for remote code execution. Critical Unreviewed

CVE-2026-32998 was published May 28, 2026

Insufficient character filtering in backup agent signing module on Comet Backup server allows... Critical Unreviewed

CVE-2026-32999 was published May 28, 2026

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in... Moderate Unreviewed

CVE-2026-5737 was published May 28, 2026

The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting... High Unreviewed

CVE-2026-2374 was published May 28, 2026

Previous1…400 Next

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

335,515 advisories