GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 61
GitHub Actions: 50
Go: 3,821
Maven: 5,000+
npm: 5,000+
NuGet: 939
pip: 5,000+
Pub: 13
RubyGems: 1,059
Rust: 1,357
Swift: 54

Unreviewed advisories
All unreviewed: 5,000+
158,245 advisories
A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this issue is the...
Moderate | Unreviewed | CVE-2026-8734 was published May 17, 2026

A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an...
Moderate | Unreviewed | CVE-2026-8725 was published May 17, 2026

Weblate: Stored HTML injection in editor search preview
Moderate | CVE-2026-45106 was published for weblate (pip) May 15, 2026

Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows...
Moderate | Unreviewed | CVE-2021-47981 was published May 16, 2026

WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows...
Moderate | Unreviewed | CVE-2021-47975 was published May 16, 2026

WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand...
Moderate | Unreviewed | CVE-2020-37235 was published May 16, 2026

CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers...
Moderate | Unreviewed | CVE-2021-47955 was published May 16, 2026

Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows...
Moderate | Unreviewed | CVE-2020-37240 was published May 16, 2026

CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows...
Moderate | Unreviewed | CVE-2020-37238 was published May 16, 2026

NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows...
Moderate | Unreviewed | CVE-2020-37236 was published May 16, 2026

bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to...
Moderate | Unreviewed | CVE-2020-37241 was published May 16, 2026

Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler...
Moderate | Unreviewed | CVE-2020-37234 was published May 16, 2026

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows...
Moderate | Unreviewed | CVE-2020-37237 was published May 16, 2026

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to...
Moderate | Unreviewed | CVE-2021-47934 was published May 16, 2026

Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated...
Moderate | Unreviewed | CVE-2020-37246 was published May 16, 2026

Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerability that allows...
Moderate | Unreviewed | CVE-2021-47957 was published May 16, 2026

ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated...
Moderate | Unreviewed | CVE-2021-47978 was published May 16, 2026

WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that...
Moderate | Unreviewed | CVE-2020-37233 was published May 16, 2026

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is...
Moderate | Unreviewed | CVE-2025-4202 was published May 16, 2026

The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all...
Moderate | Unreviewed | CVE-2026-8681 was published May 16, 2026

`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding...
Moderate | Unreviewed | CVE-2026-7210 was published May 11, 2026

Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi...
Moderate | Unreviewed | CVE-2026-8669 was published May 15, 2026

Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on...
Moderate | Unreviewed | CVE-2026-8454 was published May 15, 2026

Open WebUI Vulnerable to Unauthenticated RAG Configuration Disclosure
Moderate | CVE-2026-45397 was published for open-webui (pip) May 14, 2026

Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation
Moderate | CVE-2026-45396 was published for open-webui (pip) May 14, 2026

ProTip! Advisories are also available from the GraphQL API