GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 26,029
Composer 5,217
Erlang 40
GitHub Actions 40
Go 2,971
Maven 6,254
npm 4,616
NuGet 788
pip 4,316
Pub 12
RubyGems 984
Rust 1,126
Swift 49

Unreviewed advisories

All unreviewed 289,454

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

40,133 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case,... Moderate Unreviewed

CVE-2025-13650 was published Feb 11, 2026

The WDES Responsive Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2026-1804 was published Feb 11, 2026

The HTML Tag Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed

CVE-2026-1809 was published Feb 11, 2026

The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored... Moderate Unreviewed

CVE-2026-1826 was published Feb 11, 2026

The Microtango plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'restkey... Moderate Unreviewed

CVE-2026-1821 was published Feb 11, 2026

The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2026-1827 was published Feb 11, 2026

The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2026-1885 was published Feb 11, 2026

The BuddyHolis ListSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2026-1853 was published Feb 11, 2026

The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag... Moderate Unreviewed

CVE-2026-0815 was published Feb 11, 2026

The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2026-0724 was published Feb 11, 2026

The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... High Unreviewed

CVE-2025-15440 was published Feb 11, 2026

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed

CVE-2025-10913 was published Feb 11, 2026

The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2026-1893 was published Feb 11, 2026

The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is... Moderate Unreviewed

CVE-2026-1231 was published Feb 11, 2026

User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer... Moderate Unreviewed

CVE-2026-1571 was published Feb 11, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Azure... Moderate Unreviewed

CVE-2026-21529 was published Feb 10, 2026

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed

CVE-2025-52436 was published Feb 10, 2026

The Simplicity Device Manager Tool has a Reflected XSS (Cross-site-scripting) vulnerability in... High Unreviewed

CVE-2025-11004 was published Feb 10, 2026

The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2026-1922 was published Feb 10, 2026

A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 ... Moderate Unreviewed

CVE-2025-40587 was published Feb 10, 2026

The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double... High Unreviewed

CVE-2026-1866 was published Feb 10, 2026

AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing... Moderate Unreviewed

CVE-2026-2098 was published Feb 10, 2026

AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing... Moderate Unreviewed

CVE-2026-2099 was published Feb 10, 2026

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI... Moderate Unreviewed

CVE-2026-0996 was published Feb 10, 2026

SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to... Moderate Unreviewed

CVE-2026-24325 was published Feb 10, 2026

Previous 12…400 Next

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

40,133 advisories