GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,585 advisories
Parse Dashboard is Missing CSRF Protection for its Agent Endpoint
High | CVE-2026-27609 was published for parse-dashboard (npm) | Feb 25, 2026

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5...
High | Unreviewed | CVE-2025-12821 was published | Feb 19, 2026

SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to...
High | Unreviewed | CVE-2019-25359 was published | Feb 19, 2026

OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints
High | CVE-2026-26317 was published for clawdbot (npm) | Feb 18, 2026

AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to...
High | Unreviewed | CVE-2020-37158 was published | Feb 11, 2026

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery...
High | Unreviewed | CVE-2025-68722 was published | Feb 5, 2026

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross...
High | Unreviewed | CVE-2025-13982 was published | Jan 28, 2026

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site...
High | Unreviewed | CVE-2025-14472 was published | Jan 28, 2026

Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '...
High | Unreviewed | CVE-2025-59901 was published | Jan 28, 2026

Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and...
High | Unreviewed | CVE-2025-59892 was published | Jan 28, 2026

Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and...
High | Unreviewed | CVE-2025-59891 was published | Jan 28, 2026

Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and...
High | Unreviewed | CVE-2025-59894 was published | Jan 28, 2026

Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and...
High | Unreviewed | CVE-2025-59893 was published | Jan 28, 2026

Cross-Site Request Forgery (CSRF) vulnerability in gregmolnar Simple XML Sitemap simple-xml...
High | Unreviewed | CVE-2026-22355 was published | Jan 22, 2026

Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons...
High | Unreviewed | CVE-2025-31413 was published | Jan 22, 2026

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that...
High | Unreviewed | CVE-2021-47860 was published | Jan 21, 2026

alextselegidis/easyappointments is Vulnerable to CSRF Protection Bypass
High | CVE-2026-23622 was published for alextselegidis/easyappointments (Composer) | Jan 15, 2026

The DASHBOARD BUILDER – WordPress plugin for Charts and Graphs plugin for WordPress is vulnerable...
High | Unreviewed | CVE-2025-14615 was published | Jan 14, 2026

GestSup versions up to and including 3.2.56 contain a cross-site request forgery (CSRF)...
High | Unreviewed | CVE-2026-22194 was published | Jan 9, 2026

Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie allows Reflected XSS. This...
High | Unreviewed | CVE-2025-31054 was published | Dec 31, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Zoho Mail Zoho ZeptoMail allows Stored XSS...
High | Unreviewed | CVE-2025-49028 was published | Dec 31, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Mindstien Technologies Recent Posts From Each...
High | Unreviewed | CVE-2025-49354 was published | Dec 31, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Page Carbajal Custom Post Status allows Stored...
High | Unreviewed | CVE-2025-68885 was published | Dec 31, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Marcin Kijak Noindex by Path allows Stored XSS...
High | Unreviewed | CVE-2025-49353 was published | Dec 31, 2025

Cross-Site Request Forgery (CSRF) vulnerability in mg12 WP-EasyArchives allows Stored XSS. This...
High | Unreviewed | CVE-2025-49345 was published | Dec 31, 2025