GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,323
Maven
5,000+
npm
5,000+
NuGet
1,031
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,494
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
119,735 advisories
Filter by severity
The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fields'...
High
Unreviewed
CVE-2026-7543
was published
Jul 16, 2026
The Joomla extension Quix Page Builder Pro is vulnerable to an unauthenticated SQL injection.
High
Unreviewed
CVE-2026-58078
was published
Jul 16, 2026
A local privilege escalation vulnerability in ESET Inspect Connector.
The vulnerability was...
High
Unreviewed
CVE-2026-6423
was published
Jul 16, 2026
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin...
High
Unreviewed
CVE-2026-15008
was published
Jul 16, 2026
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for...
High
Unreviewed
CVE-2026-15103
was published
Jul 16, 2026
The Digits: WordPress Mobile Number Signup and Login plugin for WordPress is vulnerable to...
High
Unreviewed
CVE-2026-13741
was published
Jul 16, 2026
The Loco Translate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
High
Unreviewed
CVE-2026-15005
was published
Jul 16, 2026
The RPB Chessboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment...
High
Unreviewed
CVE-2026-13042
was published
Jul 16, 2026
Loki queries with large limits can cause large memory allocations which can impact the...
High
Unreviewed
CVE-2026-21729
was published
Jul 16, 2026
The Advance Product Search- Voice & Ajax Search for WooCommerce plugin for WordPress is...
High
Unreviewed
CVE-2026-12753
was published
Jul 16, 2026
A flaw was found in Keycloak. When the JSON Web Token (JWT) authorization grant preview feature...
High
Unreviewed
CVE-2026-1609
was published
Jul 16, 2026
A vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows...
High
Unreviewed
CVE-2026-23538
was published
Jul 16, 2026
A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP...
High
Unreviewed
CVE-2026-48863
was published
Jul 16, 2026
A flaw was found in QEMU. This vulnerability allows a local attacker within a guest virtual...
High
Unreviewed
CVE-2026-3842
was published
Jul 16, 2026
PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level...
High
Unreviewed
CVE-2026-63175
was published
Jul 16, 2026
CVE-2026-33445 is a memory management
vulnerability in Secure Access servers prior to 14.55....
High
Unreviewed
CVE-2026-33445
was published
Jul 15, 2026
CVE-2026-33443 is a memory management error in
Secure Access servers prior to 14.55. Attackers...
High
Unreviewed
CVE-2026-33443
was published
Jul 15, 2026
CVE-2026-40952 is a privilege misconfiguration
in the Secure Access installer for the Windows...
High
Unreviewed
CVE-2026-40952
was published
Jul 15, 2026
OS command injection in the npm package loading component in AWS jsii-diff before 1.131.0 might...
High
Unreviewed
CVE-2026-15895
was published
Jul 15, 2026
The Gravity Forms plugin for WordPress is vulnerable to Directory Traversal in all versions up to...
High
Unreviewed
CVE-2026-12997
was published
Jul 15, 2026
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform...
High
Unreviewed
CVE-2026-20296
was published
Jul 15, 2026
Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code...
High
Unreviewed
CVE-2026-40501
was published
Jul 15, 2026
BloodHound through 9.4.0, fixed in commit 8f79035, contains a missing authorization vulnerability...
High
Unreviewed
CVE-2026-59255
was published
Jul 15, 2026
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud...
High
Unreviewed
CVE-2026-20297
was published
Jul 15, 2026
immich before 3.0.3 contains a broken access control vulnerability in the PUT /albums/:id/user/...
High
Unreviewed
CVE-2026-59258
was published
Jul 15, 2026
ProTip!
Advisories are also available from the
GraphQL API