GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 2,818
Erlang: 23
GitHub Actions: 38
Go: 2,203
Maven: 2,576
npm: 2,819
NuGet: 487
pip: 2,656
Pub: 5
RubyGems: 328
Rust: 877
Swift: 19

Unreviewed advisories
All unreviewed: 5,000+
73,411 advisories
OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender
Moderate. GHSA-ffq5-qpvf-xq7x was published for openc3 (RubyGems) Apr 22, 2026

OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames
Moderate. GHSA-4jvx-93h3-f45h was published for openc3 (RubyGems) Apr 22, 2026

OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle
Moderate. CVE-2026-41511 was published for OpenMcdf (NuGet) Apr 22, 2026

Evolver has Prototype Pollution via `Object.assign()` in its mailbox store operations
Moderate. GHSA-2cjr-5v3h-v2w4 was published for @evomap/evolver (npm) Apr 22, 2026

An authenticated attacker can persist crafted values in multiple field types and trigger client...
Moderate, Unreviewed. CVE-2026-3837 was published Apr 22, 2026

Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability...
Moderate, Unreviewed. CVE-2026-41459 was published Apr 22, 2026

Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted...
Moderate, Unreviewed. CVE-2026-41469 was published Apr 22, 2026

An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript...
Moderate, Unreviewed. CVE-2026-3673 was published Apr 22, 2026

The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request...
Moderate, Unreviewed. CVE-2026-1852 was published Apr 22, 2026

The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Cross-Site Request...
Moderate, Unreviewed. CVE-2026-6293 was published Apr 22, 2026

The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style'...
Moderate, Unreviewed. CVE-2026-3998 was published Apr 22, 2026

The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all...
Moderate, Unreviewed. CVE-2026-3649 was published Apr 22, 2026

The Coachific Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate, Unreviewed. CVE-2026-4005 was published Apr 22, 2026

The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up...
Moderate, Unreviewed. CVE-2026-4002 was published Apr 22, 2026

The Power Charts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate, Unreviewed. CVE-2026-4011 was published Apr 22, 2026

The WP Circliful plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id'...
Moderate, Unreviewed. CVE-2026-3659 was published Apr 22, 2026

The VI: Include Post By plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate, Unreviewed. CVE-2026-5717 was published Apr 22, 2026

The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate, Unreviewed. CVE-2026-4091 was published Apr 22, 2026

The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to...
Moderate, Unreviewed. CVE-2025-15470 was published Apr 22, 2026

The Avada (Fusion) Builder plugin for WordPress is vulnerable to Sensitive Information Exposure...
Moderate, Unreviewed. CVE-2026-1541 was published Apr 22, 2026

The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions...
Moderate, Unreviewed. CVE-2026-1782 was published Apr 22, 2026

The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate, Unreviewed. CVE-2026-2396 was published Apr 22, 2026

The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress...
Moderate, Unreviewed. CVE-2026-1314 was published Apr 22, 2026

The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all...
Moderate, Unreviewed. CVE-2026-3642 was published Apr 22, 2026

The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Missing Authorization to...
Moderate, Unreviewed. CVE-2026-4812 was published Apr 22, 2026
ProTip! Advisories are also available from the GraphQL API