GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,942 advisories
Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover allows...
Moderate | Unreviewed | CVE-2025-15635 was published Apr 15, 2026
Cross-Site Request Forgery (CSRF) vulnerability in DeluxeThemes Userpro allows Cross Site Request...
Moderate | Unreviewed | CVE-2025-53444 was published Apr 15, 2026
WWBN AVideo is missing CSRF protection in objects/commentDelete.json.php enables mass comment deletion against moderators and content creators
Moderate | GHSA-8qm8-g55h-xmqr was published for wwbn/avideo (Composer) Apr 14, 2026
WWBN AVideo: Missing CSRF Protection on State-Changing JSON Endpoints Enables Forced Comment Creation, Vote Manipulation, and Category Asset Deletion
Moderate | GHSA-x2pw-9c38-cp2j was published for wwbn/avideo (Composer) Apr 14, 2026
goshs has CSRF in state-changing GET routes enables authenticated file deletion and directory creation
Moderate | CVE-2026-40883 was published for github.com/patrickhener/goshs/v2 (Go) Apr 14, 2026
Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform...
Moderate | Unreviewed | CVE-2026-40041 was published Apr 13, 2026
Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows...
Moderate | Unreviewed | CVE-2019-25708 was published Apr 12, 2026
The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2026-1924 was published Apr 10, 2026
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery...
Moderate | Unreviewed | CVE-2026-0811 was published Apr 8, 2026
The WIP Incoming Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2024-11416 was published Apr 8, 2026
The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2024-10726 was published Apr 8, 2026
The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin...
Moderate | Unreviewed | CVE-2026-1672 was published Apr 8, 2026
The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin...
Moderate | Unreviewed | CVE-2026-1673 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in stmcan RT-Theme 18 | Extensions rt18...
Moderate | Unreviewed | CVE-2026-39710 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental...
Moderate | Unreviewed | CVE-2026-39633 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross...
Moderate | Unreviewed | CVE-2026-39632 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows...
Moderate | Unreviewed | CVE-2026-39635 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio...
Moderate | Unreviewed | CVE-2026-39634 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross...
Moderate | Unreviewed | CVE-2026-39641 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Photography grandphotography...
Moderate | Unreviewed | CVE-2026-39603 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo allows Cross Site...
Moderate | Unreviewed | CVE-2026-39618 was published Apr 8, 2026
The Quran Translations plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2026-4141 was published Apr 8, 2026
The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the ...
Moderate | Unreviewed | CVE-2026-4401 was published Apr 8, 2026
A security flaw has been discovered in ProjectSend r2002. This vulnerability affects unknown code...
Moderate | Unreviewed | CVE-2026-5624 was published Apr 6, 2026
CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform...
Moderate | Unreviewed | CVE-2019-25682 was published Apr 5, 2026