GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,303
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
1,851 advisories
Filter by severity
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected...
Low
Unreviewed
CVE-2026-15715
was published
Jul 14, 2026
FacturaScripts: Stored XSS in WidgetVariante and WidgetSubcuenta modal lists via HTML-attribute decoding of `Tools::noHtml`-escaped quotes inside `onclick=`
Low
CVE-2026-45710
was published
for
facturascripts/facturascripts
(Composer)
Jul 14, 2026
A security vulnerability has been detected in code-projects Online Job Portal 1.0. This impacts...
Low
Unreviewed
CVE-2026-15678
was published
Jul 14, 2026
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The...
Low
Unreviewed
CVE-2026-15596
was published
Jul 14, 2026
A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. The...
Low
Unreviewed
CVE-2026-15595
was published
Jul 13, 2026
A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects...
Low
Unreviewed
CVE-2026-15532
was published
Jul 13, 2026
A weakness has been identified in vnotex vnote up to 3.20.1. Impacted is an unknown function of...
Low
Unreviewed
CVE-2026-15505
was published
Jul 12, 2026
A security vulnerability has been detected in igweze wizgrade up to...
Low
Unreviewed
CVE-2026-15492
was published
Jul 12, 2026
In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was...
Low
Unreviewed
CVE-2026-61492
was published
Jul 10, 2026
A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function on_post of...
Low
Unreviewed
CVE-2026-15321
was published
Jul 10, 2026
A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this...
Low
Unreviewed
CVE-2026-15311
was published
Jul 10, 2026
Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal (aka Captive...
Low
Unreviewed
CVE-2026-0279
was published
Jul 9, 2026
A security vulnerability has been detected in YzmCMS up to 7.5. Affected is the function get_url...
Low
Unreviewed
CVE-2026-15202
was published
Jul 9, 2026
Kiwi TCMS vulnerable to stored XSS via JavaScript: URI in extra_link field (TestPlan & TestCase)
Low
CVE-2026-55630
was published
for
kiwitcms
(pip)
Jul 6, 2026
A weakness has been identified in crater-invoice-inc crater up to 6.0.6. This affects the...
Low
Unreviewed
CVE-2026-14791
was published
Jul 6, 2026
A security vulnerability has been detected in mjperpinosa stumasy up to...
Low
Unreviewed
CVE-2026-14752
was published
Jul 5, 2026
A vulnerability was found in stephen-kruger bluebox up to 4.5.12. Affected by this vulnerability...
Low
Unreviewed
CVE-2026-14704
was published
Jul 5, 2026
A security vulnerability has been detected in code-projects Assessment Management 1.0. This...
Low
Unreviewed
CVE-2026-14656
was published
Jul 5, 2026
A weakness has been identified in code-projects Assessment Management 1.0. Affected by this issue...
Low
Unreviewed
CVE-2026-14655
was published
Jul 5, 2026
A vulnerability was identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to...
Low
Unreviewed
CVE-2026-14634
was published
Jul 4, 2026
A vulnerability was determined in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to...
Low
Unreviewed
CVE-2026-14633
was published
Jul 4, 2026
Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows...
Low
Unreviewed
CVE-2026-59102
was published
Jul 2, 2026
SFTPGo has stored XSS via inline parameter on public shares and user file download
Low
CVE-2026-49245
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Jul 2, 2026
Schema.org has cross-site scripting (XSS) via script break-out in toScript() output
Low
GHSA-hwmc-r6mf-jh83
was published
for
spatie/schema-org
(Composer)
Jul 1, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Low
Unreviewed
CVE-2026-58028
was published
Jul 1, 2026
ProTip!
Advisories are also available from the
GraphQL API