Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,599
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,828
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

8,810 advisories

Loading
RedwoodSDK has Same-site CSRF through lack of origin validation in its server actions Moderate
GHSA-m2m6-cff5-3w7c was published for rwsdk (npm) Apr 24, 2026
mthx Credited to mthx
The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to... Moderate Unreviewed
CVE-2026-3565 was published Apr 24, 2026
A vulnerability in SenseLive X3050's web management interface allows state-changing operations to... High Unreviewed
CVE-2026-27841 was published Apr 24, 2026
OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when... Low Unreviewed
CVE-2026-41347 was published Apr 24, 2026
hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints. Scripts... Critical Unreviewed
CVE-2026-40471 was published Apr 23, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu Manager admin-menu-manager... Moderate Unreviewed
CVE-2025-26925 was published Apr 23, 2026
goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS Moderate
GHSA-rhf7-wvw3-vjvm was published for github.com/patrickhener/goshs (Go) Apr 23, 2026
The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed
CVE-2026-1852 was published Apr 22, 2026
The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed
CVE-2026-6293 was published Apr 22, 2026
The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... Moderate Unreviewed
CVE-2026-4002 was published Apr 22, 2026
The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed
CVE-2026-4091 was published Apr 22, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18... High Unreviewed
CVE-2026-4922 was published Apr 22, 2026
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request... Moderate Unreviewed
CVE-2025-58922 was published Apr 22, 2026
engram: HTTP server CORS wildcard + auth-off-by-default enables CSRF graph exfiltration and persistent indirect prompt injection High
GHSA-2r2p-4cgf-hv7h was published for engramx (npm) Apr 22, 2026
gabiudrescu Credited to gabiudrescu
The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2026-6294 was published Apr 22, 2026
The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery... Moderate Unreviewed
CVE-2026-4140 was published Apr 22, 2026
The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery... Moderate Unreviewed
CVE-2026-4131 was published Apr 22, 2026
The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2026-4138 was published Apr 22, 2026
The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2026-4133 was published Apr 22, 2026
The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed
CVE-2026-4139 was published Apr 22, 2026
The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2026-6396 was published Apr 22, 2026
The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed
CVE-2026-4090 was published Apr 22, 2026
The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... Moderate Unreviewed
CVE-2026-4121 was published Apr 22, 2026
The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2026-4118 was published Apr 22, 2026
Dovestones Softwares AD Self Update <4.0.0.5 is vulnerable to Cross Site Request Forgery (CSRF).... Moderate Unreviewed
CVE-2026-31014 was published Apr 21, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database