GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 40
Go: 2,974
Maven: 5,000+
npm: 4,621
NuGet: 788
pip: 4,317
Pub: 12
RubyGems: 984
Rust: 1,131
Swift: 49

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
109,757 advisories
The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local...
High, Unreviewed. CVE-2026-1988 was published Feb 14, 2026

The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid'...
High, Unreviewed. CVE-2026-2024 was published Feb 14, 2026

The Super Simple Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site...
High, Unreviewed. CVE-2026-0753 was published Feb 14, 2026

The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all...
High, Unreviewed. CVE-2026-0745 was published Feb 14, 2026

The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
High, Unreviewed. CVE-2026-1843 was published Feb 14, 2026

The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all...
High, Unreviewed. CVE-2026-2144 was published Feb 14, 2026

Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper...
High, Unreviewed. CVE-2026-2469 was published Feb 14, 2026

The BlueSnap Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing...
High, Unreviewed. CVE-2026-0692 was published Feb 14, 2026

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a...
High, Unreviewed. CVE-2025-70093 was published Feb 13, 2026

The PixelYourSite PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
High, Unreviewed. CVE-2026-1844 was published Feb 14, 2026

The PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress is vulnerable to...
High, Unreviewed. CVE-2026-1841 was published Feb 14, 2026

The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to...
High, Unreviewed. CVE-2025-15157 was published Feb 14, 2026

A vulnerability in the certificate validation logic may allow applications to accept untrusted or...
High, Unreviewed. CVE-2025-9293 was published Feb 13, 2026

A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.3 and...
High, Unreviewed. CVE-2026-20615 was published Feb 12, 2026

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport...
High, Unreviewed. CVE-2026-1642 was published Feb 4, 2026

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in...
High, Unreviewed. CVE-2026-20620 was published Feb 12, 2026

Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution...
High, Unreviewed. CVE-2022-45188 was published Nov 12, 2022

On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in...
High, Unreviewed. CVE-2026-0652 was published Feb 10, 2026

On TP-Link Tapo C260 v1, a guest‑level authenticated user can bypass intended access restrictions...
High, Unreviewed. CVE-2026-0653 was published Feb 10, 2026

A privacy issue was addressed with improved checks. This issue is fixed in watchOS 26.3, tvOS 26...
High, Unreviewed. CVE-2026-20641 was published Feb 12, 2026

'.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally.
High, Unreviewed. CVE-2025-47176 was published Jun 10, 2025

Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within...
High, Unreviewed. CVE-2026-26334 was published Feb 13, 2026

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to...
High, Unreviewed. CVE-2026-2441 was published Feb 13, 2026

An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows...
High, Unreviewed. CVE-2025-70123 was published Feb 13, 2026

An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote...
High, Unreviewed. CVE-2025-70121 was published Feb 13, 2026
ProTip! Advisories are also available from the GraphQL API