Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,599
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,828
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

8,810 advisories

Loading
The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin... Moderate Unreviewed
CVE-2026-1673 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in stmcan RT-Theme 18 | Extensions rt18... Moderate Unreviewed
CVE-2026-39710 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo... High Unreviewed
CVE-2026-39671 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows... Moderate Unreviewed
CVE-2026-39635 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental... Moderate Unreviewed
CVE-2026-39633 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio... Moderate Unreviewed
CVE-2026-39634 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows... Critical Unreviewed
CVE-2026-39640 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross... Moderate Unreviewed
CVE-2026-39641 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross... Moderate Unreviewed
CVE-2026-39632 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows... High Unreviewed
CVE-2026-39621 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows... Critical Unreviewed
CVE-2026-39617 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows... Critical Unreviewed
CVE-2026-39619 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows... Critical Unreviewed
CVE-2026-39620 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Photography grandphotography... Moderate Unreviewed
CVE-2026-39603 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo allows Cross Site... Moderate Unreviewed
CVE-2026-39618 was published Apr 8, 2026
The Quran Translations plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2026-4141 was published Apr 8, 2026
The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for... High Unreviewed
CVE-2026-3499 was published Apr 8, 2026
The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the ... Moderate Unreviewed
CVE-2026-4401 was published Apr 8, 2026
RedwoodSDK has a CSRF vulnerability in server function dispatch via GET requests High
CVE-2026-39371 was published for rwsdk (npm) Apr 8, 2026
zebbern Credited to zebbern
Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction, Coming Soon &... High Unreviewed
CVE-2026-34896 was published Apr 7, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Analytify Simple Social Media Share Buttons... High Unreviewed
CVE-2026-34904 was published Apr 7, 2026
A security flaw has been discovered in ProjectSend r2002. This vulnerability affects unknown code... Moderate Unreviewed
CVE-2026-5624 was published Apr 6, 2026
CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform... Moderate Unreviewed
CVE-2019-25682 was published Apr 5, 2026
A security flaw has been discovered in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This affects... Moderate Unreviewed
CVE-2026-5572 was published Apr 5, 2026
Nodcms contains a cross-site request forgery vulnerability Moderate
CVE-2016-20054 was published for khodakhah/nodcms (Composer) Apr 4, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database