GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,296
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
43,552 advisories
Filter by severity
Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a stored cross-site...
Moderate
Unreviewed
CVE-2026-58475
was published
Jul 14, 2026
A security vulnerability has been detected in code-projects Online Job Portal 1.0. This impacts...
Low
Unreviewed
CVE-2026-15678
was published
Jul 14, 2026
The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2026-11390
was published
Jul 14, 2026
The WP Customer Area plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate
Unreviewed
CVE-2026-7640
was published
Jul 14, 2026
setThemeRoot() failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled...
Moderate
Unreviewed
CVE-2026-44767
was published
Jul 14, 2026
SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious...
High
Unreviewed
CVE-2026-44752
was published
Jul 14, 2026
SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts...
Moderate
Unreviewed
CVE-2026-44759
was published
Jul 14, 2026
Due to a Cross-Site Scripting (XSS) vulnerability, applications based on Business Server Pages...
Moderate
Unreviewed
CVE-2026-44760
was published
Jul 14, 2026
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The...
Low
Unreviewed
CVE-2026-15596
was published
Jul 14, 2026
A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. The...
Low
Unreviewed
CVE-2026-15595
was published
Jul 13, 2026
Laravel-Mediable before 7.0.0 contains a stored cross-site scripting vulnerability that allows...
Moderate
Unreviewed
CVE-2026-49971
was published
Jul 13, 2026
The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate
Unreviewed
CVE-2026-12536
was published
Jul 13, 2026
Rejetto HFS 3.0.0 through 3.2.0 renders log entries in the administration panel as HTML without...
Moderate
Unreviewed
CVE-2026-61501
was published
Jul 13, 2026
Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing,...
Moderate
Unreviewed
CVE-2026-61504
was published
Jul 13, 2026
NukeViet: Multiple Anti-XSS Filter Bypasses Leading to Stored XSS in News Module
High
CVE-2026-54064
was published
for
nukeviet/nukeviet
(Composer)
Jul 13, 2026
NukeViet: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
High
CVE-2026-49259
was published
for
nukeviet/nukeviet
(Composer)
Jul 13, 2026
NukeViet: Unauthenticated Reflected XSS in Comment Module
High
CVE-2026-48118
was published
for
nukeviet/nukeviet
(Composer)
Jul 13, 2026
GeoNode: Stored XSS to full account takeover
Moderate
CVE-2024-27091
was published
for
geonode
(pip)
Jul 13, 2026
Stored Cross-Site Scripting (XSS) vulnerability in the RD Station Conversas chat. The...
Moderate
Unreviewed
CVE-2026-4765
was published
Jul 13, 2026
Versions of Mura CMS prior to 10.0.712 contain a critical remote code execution (RCE)...
Moderate
Unreviewed
CVE-2026-12257
was published
Jul 13, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High
Unreviewed
CVE-2026-59516
was published
Jul 13, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High
Unreviewed
CVE-2026-57816
was published
Jul 13, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High
Unreviewed
CVE-2026-57814
was published
Jul 13, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High
Unreviewed
CVE-2026-57718
was published
Jul 13, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High
Unreviewed
CVE-2026-57728
was published
Jul 13, 2026
ProTip!
Advisories are also available from the
GraphQL API