Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,049
Maven
5,000+
npm
4,787
NuGet
825
pip
4,384
Pub
12
RubyGems
988
Rust
1,144
Swift
50
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

7,793 advisories

Loading
The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2026-1380 was published Jan 28, 2026
The Change WP URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2026-1398 was published Jan 28, 2026
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and... High Unreviewed
CVE-2025-59892 was published Jan 28, 2026
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and... High Unreviewed
CVE-2025-59891 was published Jan 28, 2026
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and... High Unreviewed
CVE-2025-59894 was published Jan 28, 2026
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and... High Unreviewed
CVE-2025-59893 was published Jan 28, 2026
The Recooty – Job Widget (Old Dashboard) plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed
CVE-2025-14616 was published Jan 28, 2026
Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to... Moderate Unreviewed
CVE-2026-24345 was published Jan 27, 2026
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) lack cross-site... Moderate Unreviewed
CVE-2026-24432 was published Jan 26, 2026
The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed
CVE-2026-1208 was published Jan 24, 2026
The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2025-14907 was published Jan 24, 2026
The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-14630 was published Jan 24, 2026
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any... Moderate Unreviewed
CVE-2025-13205 was published Jan 24, 2026
The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site... Moderate Unreviewed
CVE-2025-13139 was published Jan 24, 2026
The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed
CVE-2026-1075 was published Jan 24, 2026
The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2026-1088 was published Jan 24, 2026
The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2026-1081 was published Jan 24, 2026
The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2026-1076 was published Jan 24, 2026
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any... Moderate Unreviewed
CVE-2025-13194 was published Jan 24, 2026
The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2025-14903 was published Jan 24, 2026
The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2025-14906 was published Jan 24, 2026
The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2026-1070 was published Jan 24, 2026
Cross-Site Request Forgery (CSRF) vulnerability in marynixie Related Posts Thumbnails Plugin for... Moderate Unreviewed
CVE-2026-24596 was published Jan 23, 2026
Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Term Order wp-term-order... Moderate Unreviewed
CVE-2026-24542 was published Jan 23, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory geodirectory allows Cross... Moderate Unreviewed
CVE-2026-24549 was published Jan 23, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database