GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 65
GitHub Actions: 50
Go: 3,845
Maven: 5,000+
npm: 5,000+
NuGet: 956
pip: 5,000+
Pub: 13
RubyGems: 1,061
Rust: 1,358
Swift: 54

Unreviewed advisories
All unreviewed: 5,000+
42,338 advisories

The Pricing Tables for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting...
Moderate, Unreviewed. CVE-2026-6808 was published May 12, 2026

The Shortcodely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate, Unreviewed. CVE-2026-6913 was published May 12, 2026

The WP Google Maps Integration plugin for WordPress is vulnerable to Reflected Cross-Site...
Moderate, Unreviewed. CVE-2026-7464 was published May 12, 2026

The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ...
Moderate, Unreviewed. CVE-2026-7437 was published May 12, 2026

The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n'...
High, Unreviewed. CVE-2026-6690 was published May 12, 2026

The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style'...
Moderate, Unreviewed. CVE-2026-6237 was published May 12, 2026

The scratchblocks for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate, Unreviewed. CVE-2026-6247 was published May 12, 2026

The Fancy Image Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate, Unreviewed. CVE-2026-5340 was published May 12, 2026

The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class'...
Moderate, Unreviewed. CVE-2026-5715 was published May 12, 2026

The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate, Unreviewed. CVE-2026-4859 was published May 12, 2026

The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default'...
Moderate, Unreviewed. CVE-2026-4920 was published May 12, 2026

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate, Unreviewed. CVE-2026-3604 was published May 12, 2026

The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate, Unreviewed. CVE-2026-2300 was published May 12, 2026

SAP TAF_APPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft...
Moderate, Unreviewed. CVE-2026-40137 was published May 12, 2026

Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server...
Moderate, Unreviewed. CVE-2026-27682 was published May 12, 2026

MantisBT Vulnerable to Stored XSS in File Download
High. CVE-2026-44657 was published for mantisbt/mantisbt (Composer) May 11, 2026

MantisBT has Stored XSS on Move Attachments Admin Page
High. CVE-2026-44655 was published for mantisbt/mantisbt (Composer) May 11, 2026

local-deep-research is Vulnerable to HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`)
Moderate. CVE-2026-43979 was published for local-deep-research (pip) May 11, 2026

MantisBT is Vulnerable to Reflected XSS in Rendering Dynamic Custom Textarea Field
Moderate. CVE-2026-41897 was published for mantisbt/mantisbt (Composer) May 11, 2026

MantisBT is Vulnerable to Stored XSS in Saved-Filter Owner Column
High. CVE-2026-40607 was published for mantisbt/mantisbt (Composer) May 11, 2026

MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page
Moderate. CVE-2026-40598 was published for mantisbt/mantisbt (Composer) May 11, 2026

MantisBT has a Content Security Policy bypass via attachments
High. CVE-2026-40597 was published for mantisbt/mantisbt (Composer) May 11, 2026

MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference
High. CVE-2026-40596 was published for mantisbt/mantisbt (Composer) May 11, 2026

MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values
Moderate. CVE-2026-39960 was published for mantisbt/mantisbt (Composer) May 11, 2026

MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form
High. CVE-2026-34463 was published for mantisbt/mantisbt (Composer) May 11, 2026

ProTip! Advisories are also available from the GraphQL API