Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,049
Maven
5,000+
npm
4,787
NuGet
825
pip
4,384
Pub
12
RubyGems
988
Rust
1,144
Swift
50
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

7,793 advisories

Loading
Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows... Moderate Unreviewed
CVE-2020-37091 was published Feb 4, 2026
Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering... Moderate Unreviewed
CVE-2020-37096 was published Feb 4, 2026
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior does not implement CSRF protections... Moderate Unreviewed
CVE-2026-24434 was published Feb 3, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Blair Williams ThirstyAffiliates... Moderate Unreviewed
CVE-2026-25024 was published Feb 3, 2026
Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows... Moderate Unreviewed
CVE-2026-25014 was published Feb 3, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site... Moderate Unreviewed
CVE-2026-25015 was published Feb 3, 2026
Cross-Site Request Forgery (CSRF) vulnerability in wp.insider Simple Membership WP user Import... Moderate Unreviewed
CVE-2026-24986 was published Feb 3, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Copyscape Copyscape Premium copyscape-premium... Moderate Unreviewed
CVE-2026-24966 was published Feb 3, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sigmize sigmize allows Cross... Moderate Unreviewed
CVE-2026-24962 was published Feb 3, 2026
Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEvently mage-eventpress... Moderate Unreviewed
CVE-2026-24942 was published Feb 3, 2026
Cross-site request forgery vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. If a user... Moderate Unreviewed
CVE-2026-20704 was published Feb 3, 2026
The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... Moderate Unreviewed
CVE-2026-1447 was published Feb 3, 2026
The Five Star Restaurant Reservations WordPress plugin before 2.7.9 does not have CSRF checks in... Moderate Unreviewed
CVE-2026-0658 was published Feb 2, 2026
A vulnerability was determined in SourceCodester Medical Certificate Generator App 1.0. This... Moderate Unreviewed
CVE-2026-1745 was published Feb 2, 2026
The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... Moderate Unreviewed
CVE-2026-1165 was published Jan 31, 2026
Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to... Moderate Unreviewed
CVE-2020-37054 was published Jan 31, 2026
Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery... Moderate Unreviewed
CVE-2020-37046 was published Jan 31, 2026
Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to... Moderate Unreviewed
CVE-2020-37026 was published Jan 31, 2026
birkir prime <= 0.4.0.beta.0 contains a cross-site request forgery vulnerability in its GraphQL... Moderate Unreviewed
CVE-2025-15550 was published Jan 29, 2026
Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate... Moderate Unreviewed
CVE-2020-37007 was published Jan 29, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross... High Unreviewed
CVE-2025-13982 was published Jan 28, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site... High Unreviewed
CVE-2025-14472 was published Jan 28, 2026
The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-14795 was published Jan 28, 2026
The imwptip plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... Moderate Unreviewed
CVE-2026-1377 was published Jan 28, 2026
Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '... High Unreviewed
CVE-2025-59901 was published Jan 28, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database