GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
17,529 advisories
Filter by severity
The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2026-12920
was published
Jul 3, 2026
Mautic has SQL Injection in API Contact Filtering
High
CVE-2026-4776
was published
for
mautic/core
(Composer)
Jul 2, 2026
Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read
High
CVE-2026-50180
was published
for
langroid
(pip)
Jul 2, 2026
In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an...
High
Unreviewed
CVE-2026-9272
was published
Jul 2, 2026
A malicious actor with access to the network and low privileges could exploit an authenticated...
High
Unreviewed
CVE-2026-56841
was published
Jul 2, 2026
A malicious actor with access to the network and low privileges could exploit a series of...
Critical
Unreviewed
CVE-2026-50747
was published
Jul 2, 2026
A malicious actor with access to the network and low privileges could exploit a series of...
High
Unreviewed
CVE-2026-54404
was published
Jul 2, 2026
Contributor SQL Injection in WP EasyCart <= 5.9.0 versions.
High
Unreviewed
CVE-2026-57765
was published
Jul 2, 2026
Contributor SQL Injection in Custom Field Template <= 2.7.8 versions.
High
Unreviewed
CVE-2026-57687
was published
Jul 2, 2026
Contributor SQL Injection in nicen-localize-image <= 1.4.9 versions.
High
Unreviewed
CVE-2026-57756
was published
Jul 2, 2026
Contributor SQL Injection in iNET Webkit 1.2.4 versions.
High
Unreviewed
CVE-2026-57752
was published
Jul 2, 2026
Unauthenticated SQL Injection in WP Fast Total Search <= 1.80.280 versions.
Critical
Unreviewed
CVE-2026-57683
was published
Jul 2, 2026
Unauthenticated SQL Injection in GeekyBot <= 1.2.5 versions.
Critical
Unreviewed
CVE-2026-57679
was published
Jul 2, 2026
Subscriber SQL Injection in Unicamp <= 2.2.2 versions.
High
Unreviewed
CVE-2025-69094
was published
Jul 2, 2026
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2026-14029
was published
Jul 2, 2026
The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring...
High
Unreviewed
CVE-2026-8441
was published
Jul 2, 2026
The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby'...
Moderate
Unreviewed
CVE-2026-13357
was published
Jul 2, 2026
SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker...
Critical
Unreviewed
CVE-2026-52186
was published
Jul 2, 2026
Improper neutralization of special elements used in an SQL command ('SQL injection')...
Moderate
Unreviewed
CVE-2026-14363
was published
Jul 1, 2026
Improper neutralization of special elements used in an SQL command ('SQL injection')...
Moderate
Unreviewed
CVE-2026-58521
was published
Jul 1, 2026
SQL Injection vulnerability in GoAdminGroup GoAdmin (last release v1.2.26) allows a remote...
Moderate
Unreviewed
CVE-2026-51946
was published
Jul 1, 2026
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in...
Critical
Unreviewed
CVE-2026-34103
was published
Jul 1, 2026
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in...
Critical
Unreviewed
CVE-2026-34105
was published
Jul 1, 2026
Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in...
Critical
Unreviewed
CVE-2026-34104
was published
Jul 1, 2026
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in...
Critical
Unreviewed
CVE-2026-34101
was published
Jul 1, 2026
ProTip!
Advisories are also available from the
GraphQL API