GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 25,585
Composer 5,151
Erlang 40
GitHub Actions 38
Go 2,867
Maven 6,224
npm 4,488
NuGet 780
pip 4,244
Pub 12
RubyGems 975
Rust 1,096
Swift 49

Unreviewed advisories

All unreviewed 287,084

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

287,084 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The Meta-box GalleryMeta plugin for WordPress is vulnerable to unauthorized modification of data... Moderate Unreviewed

CVE-2026-0687 was published Jan 24, 2026

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress... High Unreviewed

CVE-2026-0800 was published Jan 24, 2026

The LeadBI Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed

CVE-2026-1189 was published Jan 24, 2026

The JavaScript Notifier plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2026-1191 was published Jan 24, 2026

The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2026-1302 was published Jan 24, 2026

The Responsive Header plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed

CVE-2026-1300 was published Jan 24, 2026

The Postalicious plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin... Moderate Unreviewed

CVE-2026-1266 was published Jan 24, 2026

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed

CVE-2026-1208 was published Jan 24, 2026

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site... Moderate Unreviewed

CVE-2025-13139 was published Jan 24, 2026

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any... Moderate Unreviewed

CVE-2025-13205 was published Jan 24, 2026

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any... Moderate Unreviewed

CVE-2025-13194 was published Jan 24, 2026

The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2025-14630 was published Jan 24, 2026

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for... Low Unreviewed

CVE-2026-0633 was published Jan 24, 2026

The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2026-1076 was published Jan 24, 2026

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed

CVE-2026-1084 was published Jan 24, 2026

The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed

CVE-2026-1081 was published Jan 24, 2026

The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed

CVE-2026-1075 was published Jan 24, 2026

The Canto Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2026-1095 was published Jan 24, 2026

The ThemeRuby Multi Authors – Assign Multiple Writers to Posts plugin for WordPress is vulnerable... Moderate Unreviewed

CVE-2026-1097 was published Jan 24, 2026

The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2026-1088 was published Jan 24, 2026

The Administrative Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed

CVE-2026-1099 was published Jan 24, 2026

The Timeline Event History plugin for WordPress is vulnerable to Reflected Cross-Site Scripting... Moderate Unreviewed

CVE-2026-1127 was published Jan 24, 2026

The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing... Moderate Unreviewed

CVE-2026-1103 was published Jan 24, 2026

The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all... High Unreviewed

CVE-2026-1257 was published Jan 24, 2026

The CM CSS Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag... Moderate Unreviewed

CVE-2026-1098 was published Jan 24, 2026

Previous 1…3…400 Next

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

287,084 advisories