GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+
335,515 advisories
Filter by severity
A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm...
Moderate
Unreviewed
CVE-2026-9801
was published
May 28, 2026
A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated...
Moderate
Unreviewed
CVE-2026-9803
was published
May 28, 2026
A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session...
Moderate
Unreviewed
CVE-2026-9802
was published
May 28, 2026
A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol...
Moderate
Unreviewed
CVE-2026-9792
was published
May 28, 2026
A flaw was found in Keycloak. An authenticated user with existing organization membership can...
Moderate
Unreviewed
CVE-2026-9791
was published
May 28, 2026
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2026-9241
was published
May 28, 2026
A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is...
Moderate
Unreviewed
CVE-2026-9793
was published
May 28, 2026
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure...
Moderate
Unreviewed
CVE-2026-9228
was published
May 28, 2026
A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability...
Moderate
Unreviewed
CVE-2026-9794
was published
May 28, 2026
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote...
High
Unreviewed
CVE-2026-9009
was published
May 28, 2026
A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator...
High
Unreviewed
CVE-2026-9795
was published
May 28, 2026
A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can...
Moderate
Unreviewed
CVE-2026-9796
was published
May 28, 2026
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in...
High
Unreviewed
CVE-2026-7802
was published
May 28, 2026
Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection...
Moderate
Unreviewed
CVE-2026-9673
was published
May 28, 2026
A flaw was found in Keycloak, an open-source identity and access management solution. When a user...
Moderate
Unreviewed
CVE-2026-9798
was published
May 28, 2026
The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in...
Moderate
Unreviewed
CVE-2026-3173
was published
May 28, 2026
The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2026-9644
was published
May 28, 2026
The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate
Unreviewed
CVE-2026-7533
was published
May 28, 2026
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.
High
Unreviewed
CVE-2026-32996
was published
May 28, 2026
The Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8.4.2, <8.3.4, <8...
High
Unreviewed
CVE-2026-32995
was published
May 28, 2026
A vulnerability allowing an authenticated user with the Backup Administrator role to write...
High
Unreviewed
CVE-2026-32997
was published
May 28, 2026
This vulnerability in Veeam Service Provider Console allows for remote code execution.
Critical
Unreviewed
CVE-2026-32998
was published
May 28, 2026
Insufficient character filtering in backup agent signing module on Comet Backup server allows...
Critical
Unreviewed
CVE-2026-32999
was published
May 28, 2026
The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in...
Moderate
Unreviewed
CVE-2026-5737
was published
May 28, 2026
The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
High
Unreviewed
CVE-2026-2374
was published
May 28, 2026
ProTip!
Advisories are also available from the
GraphQL API