GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
8,594 advisories
birkir prime <= 0.4.0.beta.0 contains a cross-site request forgery vulnerability in its GraphQL...
Moderate | Unreviewed | CVE-2025-15550 was published Jan 29, 2026

Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate...
Moderate | Unreviewed | CVE-2020-37007 was published Jan 29, 2026

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross...
High | Unreviewed | CVE-2025-13982 was published Jan 28, 2026

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site...
High | Unreviewed | CVE-2025-14472 was published Jan 28, 2026

The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-14795 was published Jan 28, 2026

The imwptip plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up...
Moderate | Unreviewed | CVE-2026-1377 was published Jan 28, 2026

Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '...
High | Unreviewed | CVE-2025-59901 was published Jan 28, 2026

The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2026-1380 was published Jan 28, 2026

The Change WP URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2026-1398 was published Jan 28, 2026

Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and...
High | Unreviewed | CVE-2025-59892 was published Jan 28, 2026

Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and...
High | Unreviewed | CVE-2025-59891 was published Jan 28, 2026

Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and...
High | Unreviewed | CVE-2025-59894 was published Jan 28, 2026

Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and...
High | Unreviewed | CVE-2025-59893 was published Jan 28, 2026

The Recooty – Job Widget (Old Dashboard) plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2025-14616 was published Jan 28, 2026

Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to...
Moderate | Unreviewed | CVE-2026-24345 was published Jan 27, 2026

sigstore CSRF possibility in OIDC authentication during signing
Low | CVE-2026-24408 was published for sigstore (pip) Jan 26, 2026

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) lack cross-site...
Moderate | Unreviewed | CVE-2026-24432 was published Jan 26, 2026

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2026-1208 was published Jan 24, 2026

The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate | Unreviewed | CVE-2025-14907 was published Jan 24, 2026

The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-14630 was published Jan 24, 2026

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any...
Moderate | Unreviewed | CVE-2025-13205 was published Jan 24, 2026

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site...
Moderate | Unreviewed | CVE-2025-13139 was published Jan 24, 2026

The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate | Unreviewed | CVE-2026-1075 was published Jan 24, 2026

The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2026-1088 was published Jan 24, 2026

The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate | Unreviewed | CVE-2026-1081 was published Jan 24, 2026
ProTip! Advisories are also available from the GraphQL API.