Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,974
Maven
5,000+
npm
4,621
NuGet
788
pip
4,317
Pub
12
RubyGems
984
Rust
1,131
Swift
49
Unreviewed advisories
All unreviewed
5,000+

118,835 advisories

Loading
The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... High Unreviewed
CVE-2026-1843 was published Feb 14, 2026
The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local... High Unreviewed
CVE-2026-1988 was published Feb 14, 2026
The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all... High Unreviewed
CVE-2026-0745 was published Feb 14, 2026
The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid'... High Unreviewed
CVE-2026-2024 was published Feb 14, 2026
The Super Simple Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site... High Unreviewed
CVE-2026-0753 was published Feb 14, 2026
The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all... High Unreviewed
CVE-2026-2144 was published Feb 14, 2026
Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper... High Unreviewed
CVE-2026-2469 was published Feb 14, 2026
The BlueSnap Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing... High Unreviewed
CVE-2026-0692 was published Feb 14, 2026
The PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress is vulnerable to... High Unreviewed
CVE-2026-1841 was published Feb 14, 2026
The PixelYourSite PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... High Unreviewed
CVE-2026-1844 was published Feb 14, 2026
The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-15157 was published Feb 14, 2026
Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within... High Unreviewed
CVE-2026-26334 was published Feb 13, 2026
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to... High Unreviewed
CVE-2026-2441 was published Feb 13, 2026
rPGP affected by crash in message handling for deeply nested messages High
GHSA-8h58-w33p-wq3g was published for pgp (Rust) Feb 13, 2026
invd
Credited to invd
rPGP vulnerable to parser crash on crafted RSA secret key packets through CVE-2026-21895 High
GHSA-7587-4wv6-m68m was published for pgp (Rust) Feb 13, 2026
invd
Credited to invd
Wildfly Elytron integration susceptible to brute force attacks via CLI High
CVE-2025-23368 was published for org.wildfly.core:wildfly-elytron-integration (Maven) Feb 13, 2026
An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows... High Unreviewed
CVE-2025-70123 was published Feb 13, 2026
An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote... High Unreviewed
CVE-2025-70121 was published Feb 13, 2026
A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote... High Unreviewed
CVE-2025-70122 was published Feb 13, 2026
An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a... High Unreviewed
CVE-2025-70093 was published Feb 13, 2026
lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access High
CVE-2026-26187 was published for github.com/treeverse/lakefs (Go) Feb 13, 2026
nopcoder
Credited to nopcoder
Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc.... High Unreviewed
CVE-2026-1619 was published Feb 13, 2026
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability... High Unreviewed
CVE-2025-14349 was published Feb 13, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc.... High Unreviewed
CVE-2026-1618 was published Feb 13, 2026
FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is... High Unreviewed
CVE-2026-25108 was published Feb 13, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database