GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
4,717 advisories
Filter by severity
The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress...
Moderate
Unreviewed
CVE-2026-13262
was published
Jul 11, 2026
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2026-15072
was published
Jul 11, 2026
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2026-15073
was published
Jul 11, 2026
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is...
Moderate
Unreviewed
CVE-2026-13010
was published
Jul 10, 2026
The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for...
Moderate
Unreviewed
CVE-2026-12918
was published
Jul 10, 2026
The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2026-14475
was published
Jul 10, 2026
The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for...
Moderate
Unreviewed
CVE-2026-15104
was published
Jul 10, 2026
The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-based...
Moderate
Unreviewed
CVE-2026-15289
was published
Jul 10, 2026
The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to time...
Moderate
Unreviewed
CVE-2026-15287
was published
Jul 10, 2026
YesWiki: SQL injection via the `recentchanges` action `period` argument leads to arbitrary DB read
Moderate
CVE-2026-52763
was published
for
yeswiki/yeswiki
(Composer)
Jul 9, 2026
The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for...
Moderate
Unreviewed
CVE-2026-14342
was published
Jul 9, 2026
The ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin...
Moderate
Unreviewed
CVE-2026-13011
was published
Jul 9, 2026
A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute...
Moderate
Unreviewed
CVE-2026-39179
was published
Jul 9, 2026
A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute...
Moderate
Unreviewed
CVE-2026-39178
was published
Jul 9, 2026
n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection...
Moderate
Unreviewed
CVE-2026-59257
was published
Jul 8, 2026
The Recurio – Ultimate Subscription for WooCommerce plugin for WordPress is vulnerable to generic...
Moderate
Unreviewed
CVE-2026-12936
was published
Jul 8, 2026
KEDA has PostgreSQL connection string parameter injection via incomplete whitespace escaping
Moderate
CVE-2026-53572
was published
for
github.com/kedacore/keda/v2
(Go)
Jul 7, 2026
The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2026-12920
was published
Jul 3, 2026
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2026-14029
was published
Jul 2, 2026
The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby'...
Moderate
Unreviewed
CVE-2026-13357
was published
Jul 2, 2026
Improper neutralization of special elements used in an SQL command ('SQL injection')...
Moderate
Unreviewed
CVE-2026-14363
was published
Jul 1, 2026
Improper neutralization of special elements used in an SQL command ('SQL injection')...
Moderate
Unreviewed
CVE-2026-58521
was published
Jul 1, 2026
SQL Injection vulnerability in GoAdminGroup GoAdmin (last release v1.2.26) allows a remote...
Moderate
Unreviewed
CVE-2026-51946
was published
Jul 1, 2026
The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL Injection via...
Moderate
Unreviewed
CVE-2026-13454
was published
Jul 1, 2026
The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for...
Moderate
Unreviewed
CVE-2026-12110
was published
Jul 1, 2026
ProTip!
Advisories are also available from the
GraphQL API