GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 26,464
Composer 5,253
Erlang 40
GitHub Actions 41
Go 3,049
Maven 6,276
npm 4,787
NuGet 825
pip 4,384
Pub 12
RubyGems 988
Rust 1,144
Swift 50

Unreviewed advisories

All unreviewed 291,428

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

8,594 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2026-1076 was published Jan 24, 2026

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any... Moderate Unreviewed

CVE-2025-13194 was published Jan 24, 2026

The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed

CVE-2025-14903 was published Jan 24, 2026

The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed

CVE-2025-14906 was published Jan 24, 2026

The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2026-1070 was published Jan 24, 2026

Cross-Site Request Forgery (CSRF) vulnerability in marynixie Related Posts Thumbnails Plugin for... Moderate Unreviewed

CVE-2026-24596 was published Jan 23, 2026

Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Term Order wp-term-order... Moderate Unreviewed

CVE-2026-24542 was published Jan 23, 2026

Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory geodirectory allows Cross... Moderate Unreviewed

CVE-2026-24549 was published Jan 23, 2026

Cross-Site Request Forgery (CSRF) vulnerability in Timur Kamaev Kama Thumbnail kama-thumbnail... Moderate Unreviewed

CVE-2026-24521 was published Jan 23, 2026

Cross-Site Request Forgery (CSRF) vulnerability in storeapps Stock Manager for WooCommerce... Moderate Unreviewed

CVE-2026-24365 was published Jan 22, 2026

Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic custom... Moderate Unreviewed

CVE-2026-24374 was published Jan 22, 2026

Cross-Site Request Forgery (CSRF) vulnerability in launchinteractive Merge + Minify + Refresh... Moderate Unreviewed

CVE-2026-24384 was published Jan 22, 2026

Cross-Site Request Forgery (CSRF) vulnerability in richardevcom Add Polylang support for... Moderate Unreviewed

CVE-2026-22462 was published Jan 22, 2026

Cross-Site Request Forgery (CSRF) vulnerability in winkm89 teachPress teachpress allows Cross... Moderate Unreviewed

CVE-2026-22483 was published Jan 22, 2026

PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on... Moderate Unreviewed

CVE-2025-70899 was published Jan 22, 2026

Cross-Site Request Forgery (CSRF) vulnerability in gregmolnar Simple XML Sitemap simple-xml... High Unreviewed

CVE-2026-22355 was published Jan 22, 2026

Cross-Site Request Forgery (CSRF) vulnerability in AA-Team Wordpress Movies Bulk Importer movies... Moderate Unreviewed

CVE-2026-22359 was published Jan 22, 2026

Cross-Site Request Forgery (CSRF) vulnerability in AA-Team SearchAzon searchazon allows Cross... Moderate Unreviewed

CVE-2026-22360 was published Jan 22, 2026

Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes PawFriends - Pet Shop and... Moderate Unreviewed

CVE-2026-22382 was published Jan 22, 2026

Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa WP SEO Search wp-seo-search allows... Moderate Unreviewed

CVE-2025-67626 was published Jan 22, 2026

Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons... High Unreviewed

CVE-2025-31413 was published Jan 22, 2026

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that... High Unreviewed

CVE-2021-47860 was published Jan 21, 2026

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF)... Moderate Unreviewed

CVE-2021-47830 was published Jan 21, 2026

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to... Low Unreviewed

CVE-2025-36411 was published Jan 20, 2026

The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross... Moderate Unreviewed

CVE-2026-1051 was published Jan 20, 2026

Previous 1…5…344 Next

Previous 1 2 3 4 5 6 7 … 343 344 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

8,594 advisories