GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 41
Go: 3,043
Maven: 5,000+
npm: 4,781
NuGet: 825
pip: 4,382
Pub: 12
RubyGems: 987
Rust: 1,143
Swift: 50
Unreviewed advisories
All unreviewed: 5,000+
151,117 advisories
ZITADEL's truncated opaque tokens are still valid
Moderate
CVE-2026-27840 was published for github.com/zitadel/zitadel (Go) on Feb 27, 2026
Beszel: Docker API has a Path Traversal Vulnerability via Unsanitized Container ID
Moderate
CVE-2026-27734 was published for github.com/henrygd/beszel (Go) on Feb 27, 2026
@actual-app/sync-server: Missing authorization in sync endpoints allows cross-user budget file access in multi-user mode
Moderate
CVE-2026-27638 was published for @actual-app/sync-server (npm) on Feb 27, 2026
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass...
Moderate
Unreviewed
CVE-2026-27753 was published on Feb 27, 2026
AWS CLI: cli_history database does not restrict file permissions on Unix systems
Moderate
GHSA-747p-wmpv-9c78 was published for awscli (pip) on Feb 27, 2026
Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a...
Moderate
Unreviewed
CVE-2026-3327 was published on Feb 27, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-11950 was published on Feb 27, 2026
Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a...
Moderate
Unreviewed
CVE-2026-1434 was published on Feb 27, 2026
PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with...
Moderate
Unreviewed
CVE-2026-24351 was published on Feb 27, 2026
The Electric Enquiries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate
Unreviewed
CVE-2025-14142 was published on Feb 27, 2026
The MailArchiver plugin for WordPress is vulnerable to SQL Injection via the ‘logid’ parameter in...
Moderate
Unreviewed
CVE-2026-2831 was published on Feb 27, 2026
The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The...
Moderate
Unreviewed
CVE-2024-10938 was published on Feb 27, 2026
Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a...
Moderate
Unreviewed
CVE-2026-21660 was published on Feb 27, 2026
PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker...
Moderate
Unreviewed
CVE-2026-24350 was published on Feb 27, 2026
The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in...
Moderate
Unreviewed
CVE-2026-1305 was published on Feb 27, 2026
PluXml CMS allows a user's session identifier to be set before authentication. The value of this...
Moderate
Unreviewed
CVE-2026-24352 was published on Feb 27, 2026
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event...
Moderate
Unreviewed
CVE-2025-9908 was published on Feb 27, 2026
The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored...
Moderate
Unreviewed
CVE-2025-14040 was published on Feb 27, 2026
The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting...
Moderate
Unreviewed
CVE-2026-2362 was published on Feb 27, 2026
A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the ...
Moderate
Unreviewed
CVE-2026-0871 was published on Feb 27, 2026
A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during...
Moderate
Unreviewed
CVE-2025-13327 was published on Feb 27, 2026
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event...
Moderate
Unreviewed
CVE-2025-9907 was published on Feb 27, 2026
An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service...
Moderate
Unreviewed
CVE-2026-1627 was published on Feb 27, 2026
The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross...
Moderate
Unreviewed
CVE-2025-14149 was published on Feb 27, 2026
An authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata...
Moderate
Unreviewed
CVE-2025-9572 was published on Feb 27, 2026
ProTip! Advisories are also available from the GraphQL API.