GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,867
Maven: 5,000+
npm: 4,488
NuGet: 780
pip: 4,244
Pub: 12
RubyGems: 975
Rust: 1,096
Swift: 49

Unreviewed advisories
All unreviewed: 5,000+
148,438 advisories
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate • Unreviewed • CVE-2026-24632 was published Jan 23, 2026

Missing Authorization vulnerability in Hyyan Abo Fakher Hyyan WooCommerce Polylang Integration...
Moderate • Unreviewed • CVE-2026-24585 was published Jan 23, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate • Unreviewed • CVE-2026-24626 was published Jan 23, 2026

Missing Authorization vulnerability in PopCash PopCash.Net Code Integration Tool popcashnet-code...
Moderate • Unreviewed • CVE-2026-24619 was published Jan 23, 2026

Missing Authorization vulnerability in Imaginate Solutions File Uploads Addon for WooCommerce woo...
Moderate • Unreviewed • CVE-2026-24625 was published Jan 23, 2026

Missing Authorization vulnerability in Trusona Trusona for WordPress trusona allows Exploiting...
Moderate • Unreviewed • CVE-2026-24627 was published Jan 23, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate • Unreviewed • CVE-2025-69317 was published Jan 22, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate • Unreviewed • CVE-2025-69316 was published Jan 22, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate • Unreviewed • CVE-2026-24355 was published Jan 22, 2026

Duplicate Advisory: Svix vulnerable to improper comparison of different-length signatures
Moderate • GHSA-w277-wpqf-rcfv was published for svix (Rust) Feb 6, 2024 • withdrawn

Duplicate Advisory: Uncaught Exception in libpulse-binding
Moderate • GHSA-wcxc-jf6c-8rx9 was published for libpulse-binding (Rust) Aug 25, 2021 • withdrawn

An OS command injection vulnerability in Palo Alto Networks Expedition enables an authenticated...
Moderate • Unreviewed • CVE-2025-0107 was published Jan 11, 2025

A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated...
Moderate • Unreviewed • CVE-2025-0106 was published Jan 11, 2025

An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an...
Moderate • Unreviewed • CVE-2025-0105 was published Jan 11, 2025

The communication protocol used between the server process and the service control had a flaw...
Moderate • Unreviewed • CVE-2025-30025 was published Jul 11, 2025

libuser has information disclosure when moving user's home directory
Moderate • Unreviewed • CVE-2012-5644 was published Apr 23, 2022

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate • Unreviewed • CVE-2026-24601 was published Jan 23, 2026

Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage...
Moderate • Unreviewed • CVE-2026-24598 was published Jan 23, 2026

A reflected cross-site scripting (XSS) vulnerability in ToDesktop Builder v0.33.1 allows...
Moderate • Unreviewed • CVE-2025-67231 was published Jan 23, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate • Unreviewed • CVE-2026-22349 was published Jan 22, 2026

Authorization Bypass Through User-Controlled Key vulnerability in XLPlugins NextMove Lite woo...
Moderate • Unreviewed • CVE-2026-24599 was published Jan 23, 2026

Cross-Site Request Forgery (CSRF) vulnerability in marynixie Related Posts Thumbnails Plugin for...
Moderate • Unreviewed • CVE-2026-24596 was published Jan 23, 2026

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Moderate • Unreviewed • CVE-2026-24593 was published Jan 23, 2026

Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows...
Moderate • Unreviewed • CVE-2026-24606 was published Jan 23, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate • Unreviewed • CVE-2026-24594 was published Jan 23, 2026
ProTip! Advisories are also available from the GraphQL API