GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,521
Maven: 5,000+
npm: 5,000+
NuGet: 911
pip: 4,760
Pub: 13
RubyGems: 1,036
Rust: 1,229
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
8,777 advisories

Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover allows...
Moderate | Unreviewed | CVE-2025-15635 was published Apr 15, 2026

Cross-Site Request Forgery (CSRF) vulnerability in DeluxeThemes Userpro allows Cross Site Request...
Moderate | Unreviewed | CVE-2025-53444 was published Apr 15, 2026

Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms...
High | Unreviewed | CVE-2026-40764 was published Apr 15, 2026

WWBN AVideo is missing CSRF protection in objects/commentDelete.json.php enables mass comment deletion against moderators and content creators
Moderate | GHSA-8qm8-g55h-xmqr was published for wwbn/avideo (Composer) Apr 14, 2026

WWBN AVideo: Missing CSRF Protection on State-Changing JSON Endpoints Enables Forced Comment Creation, Vote Manipulation, and Category Asset Deletion
Moderate | GHSA-x2pw-9c38-cp2j was published for wwbn/avideo (Composer) Apr 14, 2026

WWBN AVideo has Multiple CSRF Vulnerabilities in Admin JSON Endpoints (Category CRUD, Plugin Update Script)
High | GHSA-ffw8-fwxp-h64w was published for wwbn/avideo (Composer) Apr 14, 2026

WWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP Credentials
High | GHSA-vvfw-4m39-fjqf was published for wwbn/avideo (Composer) Apr 14, 2026

goshs has CSRF in state-changing GET routes enables authenticated file deletion and directory creation
Moderate | CVE-2026-40883 was published for github.com/patrickhener/goshs/v2 (Go) Apr 14, 2026

Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform...
Moderate | Unreviewed | CVE-2026-40041 was published Apr 13, 2026

Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows...
Moderate | Unreviewed | CVE-2019-25708 was published Apr 12, 2026

ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to...
High | Unreviewed | CVE-2019-25693 was published Apr 12, 2026

MetaGPT has an eval injection via a cross-site request forgery attack
Low | CVE-2026-6109 was published for metagpt (pip) Apr 12, 2026

The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2026-1924 was published Apr 10, 2026

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery...
Moderate | Unreviewed | CVE-2026-0811 was published Apr 8, 2026

The WIP Incoming Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2024-11416 was published Apr 8, 2026

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2024-10726 was published Apr 8, 2026

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin...
Moderate | Unreviewed | CVE-2026-1672 was published Apr 8, 2026

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin...
Moderate | Unreviewed | CVE-2026-1673 was published Apr 8, 2026

Cross-Site Request Forgery (CSRF) vulnerability in stmcan RT-Theme 18 | Extensions rt18...
Moderate | Unreviewed | CVE-2026-39710 was published Apr 8, 2026

Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental...
Moderate | Unreviewed | CVE-2026-39633 was published Apr 8, 2026

Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross...
Moderate | Unreviewed | CVE-2026-39632 was published Apr 8, 2026

Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows...
Moderate | Unreviewed | CVE-2026-39635 was published Apr 8, 2026

Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows...
Critical | Unreviewed | CVE-2026-39640 was published Apr 8, 2026

Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio...
Moderate | Unreviewed | CVE-2026-39634 was published Apr 8, 2026

Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross...
Moderate | Unreviewed | CVE-2026-39641 was published Apr 8, 2026

ProTip! Advisories are also available from the GraphQL API.