Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,049
Maven
5,000+
npm
4,787
NuGet
825
pip
4,384
Pub
12
RubyGems
988
Rust
1,144
Swift
50
Unreviewed advisories
All unreviewed
5,000+

8,594 advisories

Loading
Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery (CSRF) that can lead... Moderate Unreviewed
CVE-2020-37149 was published Feb 5, 2026
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows... Moderate Unreviewed
CVE-2020-37118 was published Feb 5, 2026
Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery... High Unreviewed
CVE-2025-68722 was published Feb 5, 2026
IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud... Moderate Unreviewed
CVE-2024-40685 was published Feb 5, 2026
A vulnerability was identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb.... Moderate Unreviewed
CVE-2026-1835 was published Feb 4, 2026
Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows... Moderate Unreviewed
CVE-2020-37091 was published Feb 4, 2026
Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering... Moderate Unreviewed
CVE-2020-37096 was published Feb 4, 2026
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior does not implement CSRF protections... Moderate Unreviewed
CVE-2026-24434 was published Feb 3, 2026
Qwik City CSRF protection middleware does not work properly for content type header with parameters (eg. multipart/form-data) Moderate
CVE-2026-25155 was published for @builder.io/qwik-city (npm) Feb 3, 2026
Qwik City has a CSRF Protection Bypass via Content-Type Header Validation Moderate
CVE-2026-25151 was published for @builder.io/qwik-city (npm) Feb 3, 2026
KageShiron Credited to KageShiron
Cross-Site Request Forgery (CSRF) vulnerability in Blair Williams ThirstyAffiliates... Moderate Unreviewed
CVE-2026-25024 was published Feb 3, 2026
Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows... Moderate Unreviewed
CVE-2026-25014 was published Feb 3, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site... Moderate Unreviewed
CVE-2026-25015 was published Feb 3, 2026
Cross-Site Request Forgery (CSRF) vulnerability in wp.insider Simple Membership WP user Import... Moderate Unreviewed
CVE-2026-24986 was published Feb 3, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Copyscape Copyscape Premium copyscape-premium... Moderate Unreviewed
CVE-2026-24966 was published Feb 3, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sigmize sigmize allows Cross... Moderate Unreviewed
CVE-2026-24962 was published Feb 3, 2026
Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEvently mage-eventpress... Moderate Unreviewed
CVE-2026-24942 was published Feb 3, 2026
Cross-site request forgery vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. If a user... Moderate Unreviewed
CVE-2026-20704 was published Feb 3, 2026
The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... Moderate Unreviewed
CVE-2026-1447 was published Feb 3, 2026
The Five Star Restaurant Reservations WordPress plugin before 2.7.9 does not have CSRF checks in... Moderate Unreviewed
CVE-2026-0658 was published Feb 2, 2026
A vulnerability was determined in SourceCodester Medical Certificate Generator App 1.0. This... Moderate Unreviewed
CVE-2026-1745 was published Feb 2, 2026
The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... Moderate Unreviewed
CVE-2026-1165 was published Jan 31, 2026
Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to... Moderate Unreviewed
CVE-2020-37054 was published Jan 31, 2026
Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery... Moderate Unreviewed
CVE-2020-37046 was published Jan 31, 2026
Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to... Moderate Unreviewed
CVE-2020-37026 was published Jan 31, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database