Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,049
Maven
5,000+
npm
4,787
NuGet
825
pip
4,384
Pub
12
RubyGems
988
Rust
1,144
Swift
50
Unreviewed advisories
All unreviewed
5,000+

8,594 advisories

Loading
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a cross-site request forgery... Moderate Unreviewed
CVE-2026-27758 was published Feb 27, 2026
Parse Dashboard is Missing CSRF Protection for its Agent Endpoint High
CVE-2026-27609 was published for parse-dashboard (npm) Feb 25, 2026
mtrezza Credited to mtrezza
A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the... Low Unreviewed
CVE-2026-3193 was published Feb 25, 2026
The Disable Admin Notices – Hide Dashboard Notifications plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2026-2410 was published Feb 25, 2026
Caddy is vulnerable to cross-origin config application via local admin API /load Moderate
CVE-2026-27589 was published for github.com/caddyserver/caddy/v2 (Go) Feb 24, 2026
1seal Credited to 1seal
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF... Moderate Unreviewed
CVE-2026-27518 was published Feb 24, 2026
Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin... Moderate Unreviewed
CVE-2026-27741 was published Feb 24, 2026
Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin versions prior to 3.0.5 contain a... Moderate Unreviewed
CVE-2026-23694 was published Feb 23, 2026
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a cross-site request... Moderate Unreviewed
CVE-2026-27513 was published Feb 23, 2026
OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that... Moderate Unreviewed
CVE-2019-25447 was published Feb 21, 2026
Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows... Moderate Unreviewed
CVE-2025-13671 was published Feb 20, 2026
Cross-Site Request Forgery (CSRF) vulnerability in WP Moose Kenta Companion kenta-companion... Moderate Unreviewed
CVE-2026-27090 was published Feb 19, 2026
Cross-Site Request Forgery (CSRF) vulnerability in themastercut Revision Manager TMC revision... Moderate Unreviewed
CVE-2026-25411 was published Feb 19, 2026
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress RealPress realpress allows Cross... Moderate Unreviewed
CVE-2026-27050 was published Feb 19, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP Popularis Extra popularis-extra... Moderate Unreviewed
CVE-2026-25422 was published Feb 19, 2026
Cross-Site Request Forgery (CSRF) vulnerability in PublishPress PublishPress Revisions... Moderate Unreviewed
CVE-2026-25322 was published Feb 19, 2026
Cross-Site Request Forgery (CSRF) vulnerability in wpcoachify Coachify coachify allows Cross Site... Moderate Unreviewed
CVE-2026-25337 was published Feb 19, 2026
Cross-Site Request Forgery (CSRF) vulnerability in wpzita Zita Elementor Site Library zita-site... Moderate Unreviewed
CVE-2026-25319 was published Feb 19, 2026
The Whatsiplus Scheduled Notification for Woocommerce plugin for WordPress is vulnerable to Cross... Moderate Unreviewed
CVE-2026-1455 was published Feb 19, 2026
The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5... High Unreviewed
CVE-2025-12821 was published Feb 19, 2026
The Mailchimp List Subscribe Form plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed
CVE-2025-12172 was published Feb 19, 2026
The Remove Post Type Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-14167 was published Feb 19, 2026
The Country Blocker for AdSense plugin for WordPress is vulnerable to Cross-Site Request Forgery... Moderate Unreviewed
CVE-2025-13413 was published Feb 19, 2026
The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site... Moderate Unreviewed
CVE-2025-13438 was published Feb 19, 2026
SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to... High Unreviewed
CVE-2019-25359 was published Feb 19, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database