GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 3,193; Erlang 25; GitHub Actions 39; Go 2,385; Maven 3,027; npm 3,078; NuGet 529; pip 2,897; Pub 5; RubyGems 442; Rust 905; Swift 20
Unreviewed advisories: All unreviewed 5,000+
82,734 advisories
CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored...
Moderate | Unreviewed | CVE-2026-40529 was published Apr 23, 2026
Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via...
Moderate | Unreviewed | CVE-2026-41989 was published Apr 23, 2026
Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an...
Moderate | Unreviewed | CVE-2026-3007 was published Apr 23, 2026
The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2026-3361 was published Apr 23, 2026
Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds...
Moderate | Unreviewed | CVE-2026-41990 was published Apr 23, 2026
The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is...
Moderate | Unreviewed | CVE-2026-2951 was published Apr 23, 2026
The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2026-1923 was published Apr 23, 2026
A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal...
Moderate | Unreviewed | CVE-2026-6878 was published Apr 23, 2026
A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown...
Moderate | Unreviewed | CVE-2026-6874 was published Apr 23, 2026
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container...
Moderate | Unreviewed | CVE-2026-5926 was published Apr 23, 2026
IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability...
Moderate | Unreviewed | CVE-2026-4919 was published Apr 23, 2026
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes...
Moderate | Unreviewed | CVE-2026-1352 was published Apr 23, 2026
IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic...
Moderate | Unreviewed | CVE-2026-1274 was published Apr 23, 2026
IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This...
Moderate | Unreviewed | CVE-2026-4918 was published Apr 23, 2026
IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on...
Moderate | Unreviewed | CVE-2026-4917 was published Apr 23, 2026
IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory...
Moderate | Unreviewed | CVE-2025-36074 was published Apr 23, 2026
WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL...
Moderate | Unreviewed | CVE-2026-41455 was published Apr 23, 2026
OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender
Moderate | GHSA-ffq5-qpvf-xq7x was published for openc3 (RubyGems) Apr 22, 2026
OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames
Moderate | GHSA-4jvx-93h3-f45h was published for openc3 (RubyGems) Apr 22, 2026
OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle
Moderate | CVE-2026-41511 was published for OpenMcdf (NuGet) Apr 22, 2026
Evolver has Prototype Pollution via `Object.assign()` in its mailbox store operations
Moderate | GHSA-2cjr-5v3h-v2w4 was published for @evomap/evolver (npm) Apr 22, 2026
An authenticated attacker can persist crafted values in multiple field types and trigger client...
Moderate | Unreviewed | CVE-2026-3837 was published Apr 22, 2026
Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability...
Moderate | Unreviewed | CVE-2026-41459 was published Apr 22, 2026
Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted...
Moderate | Unreviewed | CVE-2026-41469 was published Apr 22, 2026
An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript...
Moderate | Unreviewed | CVE-2026-3673 was published Apr 22, 2026
ProTip! Advisories are also available from the GraphQL API