Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,049
Maven
5,000+
npm
4,787
NuGet
825
pip
4,384
Pub
12
RubyGems
988
Rust
1,144
Swift
50
Unreviewed advisories
All unreviewed
5,000+

8,594 advisories

Loading
Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows... Moderate Unreviewed
CVE-2025-13671 was published Feb 20, 2026
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a cross-site request forgery... Moderate Unreviewed
CVE-2026-27758 was published Feb 27, 2026
Caddy is vulnerable to cross-origin config application via local admin API /load Moderate
CVE-2026-27589 was published for github.com/caddyserver/caddy/v2 (Go) Feb 24, 2026
1seal Credited to 1seal
Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP Popularis Extra popularis-extra... Moderate Unreviewed
CVE-2026-25422 was published Feb 19, 2026
Bootstrap Multiselect Vulnerable to CSRF and Reflective XSS via Arbitrary POST Data Moderate
CVE-2025-47204 was published for bootstrap-multiselect (npm) May 13, 2025
abrom Credited to abrom
Parse Dashboard is Missing CSRF Protection for its Agent Endpoint High
CVE-2026-27609 was published for parse-dashboard (npm) Feb 25, 2026
mtrezza Credited to mtrezza
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an... High Unreviewed
CVE-2022-41296 was published Dec 12, 2022
A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the... Low Unreviewed
CVE-2026-3193 was published Feb 25, 2026
The Disable Admin Notices – Hide Dashboard Notifications plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2026-2410 was published Feb 25, 2026
Power BI Report Server Spoofing Vulnerability Critical Unreviewed
CVE-2021-41372 was published May 24, 2022
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF... Moderate Unreviewed
CVE-2026-27518 was published Feb 24, 2026
Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin... Moderate Unreviewed
CVE-2026-27741 was published Feb 24, 2026
Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin versions prior to 3.0.5 contain a... Moderate Unreviewed
CVE-2026-23694 was published Feb 23, 2026
Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows... High Unreviewed
CVE-2021-47730 was published Dec 9, 2025
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a cross-site request... Moderate Unreviewed
CVE-2026-27513 was published Feb 23, 2026
A security vulnerability has been detected in birkir prime up to 0.4.0.beta.0. This vulnerability... Moderate Unreviewed
CVE-2026-1169 was published Jan 19, 2026
OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that... Moderate Unreviewed
CVE-2019-25447 was published Feb 21, 2026
Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data... Critical Unreviewed
CVE-2024-55089 was published Dec 18, 2024
Cross-Site Request Forgery (CSRF) vulnerability in PublishPress PublishPress Revisions... Moderate Unreviewed
CVE-2026-25322 was published Feb 19, 2026
OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints High
CVE-2026-26317 was published for clawdbot (npm) Feb 18, 2026
vincentkoc Credited to vincentkoc
Cross-Site Request Forgery (CSRF) vulnerability in wpzita Zita Elementor Site Library zita-site... Moderate Unreviewed
CVE-2026-25319 was published Feb 19, 2026
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress RealPress realpress allows Cross... Moderate Unreviewed
CVE-2026-27050 was published Feb 19, 2026
Cross-Site Request Forgery (CSRF) vulnerability in themastercut Revision Manager TMC revision... Moderate Unreviewed
CVE-2026-25411 was published Feb 19, 2026
Cross-Site Request Forgery (CSRF) vulnerability in wpcoachify Coachify coachify allows Cross Site... Moderate Unreviewed
CVE-2026-25337 was published Feb 19, 2026
Cross-Site Request Forgery (CSRF) vulnerability in WP Moose Kenta Companion kenta-companion... Moderate Unreviewed
CVE-2026-27090 was published Feb 19, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database