GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 26,046
Composer 5,218
Erlang 40
GitHub Actions 40
Go 2,974
Maven 6,256
npm 4,621
NuGet 788
pip 4,317
Pub 12
RubyGems 984
Rust 1,131
Swift 49

Unreviewed advisories

All unreviewed 289,607

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

289,607 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The Simple Plyr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'poster... Moderate Unreviewed

CVE-2026-1915 was published Feb 14, 2026

The Sphere Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2026-1905 was published Feb 14, 2026

The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid'... High Unreviewed

CVE-2026-2024 was published Feb 14, 2026

The Super Simple Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site... High Unreviewed

CVE-2026-0753 was published Feb 14, 2026

The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file... Critical Unreviewed

CVE-2026-1306 was published Feb 14, 2026

The UpMenu – Online ordering for restaurants plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed

CVE-2026-1910 was published Feb 14, 2026

The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local... High Unreviewed

CVE-2026-1988 was published Feb 14, 2026

The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a... Moderate Unreviewed

CVE-2026-2022 was published Feb 14, 2026

The MailChimp Campaigns plugin for WordPress is vulnerable to Missing Authorization in all... Moderate Unreviewed

CVE-2026-1303 was published Feb 14, 2026

The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 3D Model... Moderate Unreviewed

CVE-2026-1985 was published Feb 14, 2026

The Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2026-1254 was published Feb 14, 2026

The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in... Moderate Unreviewed

CVE-2026-1987 was published Feb 14, 2026

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is... Moderate Unreviewed

CVE-2026-1249 was published Feb 14, 2026

The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', ... Moderate Unreviewed

CVE-2026-1258 was published Feb 14, 2026

The Geo Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL path... Moderate Unreviewed

CVE-2026-1792 was published Feb 14, 2026

The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2026-1096 was published Feb 14, 2026

The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2026-1903 was published Feb 14, 2026

The myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ... Moderate Unreviewed

CVE-2026-0550 was published Feb 14, 2026

The WP Quick Contact Us plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2026-1394 was published Feb 14, 2026

The WP Data Access plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed

CVE-2026-0557 was published Feb 14, 2026

The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2026-0735 was published Feb 14, 2026

The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all... High Unreviewed

CVE-2026-0745 was published Feb 14, 2026

The Allow HTML in Category Descriptions plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2026-0693 was published Feb 14, 2026

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is... Moderate Unreviewed

CVE-2026-0559 was published Feb 14, 2026

The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in... Moderate Unreviewed

CVE-2026-0727 was published Feb 14, 2026

Previous1…400 Next

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

289,607 advisories