Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

8,764 advisories

Loading
The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2026-1924 was published Apr 10, 2026
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery... Moderate Unreviewed
CVE-2026-0811 was published Apr 8, 2026
The WIP Incoming Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2024-11416 was published Apr 8, 2026
The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed
CVE-2024-10726 was published Apr 8, 2026
The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin... Moderate Unreviewed
CVE-2026-1673 was published Apr 8, 2026
The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin... Moderate Unreviewed
CVE-2026-1672 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in stmcan RT-Theme 18 | Extensions rt18... Moderate Unreviewed
CVE-2026-39710 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows... Unknown Unreviewed
CVE-2026-39640 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio... Unknown Unreviewed
CVE-2026-39634 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross... Unknown Unreviewed
CVE-2026-39632 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo... Unknown Unreviewed
CVE-2026-39671 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows... Moderate Unreviewed
CVE-2026-39635 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross... Moderate Unreviewed
CVE-2026-39641 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental... Moderate Unreviewed
CVE-2026-39633 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo allows Cross Site... Unknown Unreviewed
CVE-2026-39618 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows... Unknown Unreviewed
CVE-2026-39620 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Photography grandphotography... Moderate Unreviewed
CVE-2026-39603 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows... Critical Unreviewed
CVE-2026-39617 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows... High Unreviewed
CVE-2026-39621 was published Apr 8, 2026
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows... Critical Unreviewed
CVE-2026-39619 was published Apr 8, 2026
The Quran Translations plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2026-4141 was published Apr 8, 2026
The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for... High Unreviewed
CVE-2026-3499 was published Apr 8, 2026
The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the ... Moderate Unreviewed
CVE-2026-4401 was published Apr 8, 2026
RedwoodSDK has a CSRF vulnerability in server function dispatch via GET requests High
CVE-2026-39371 was published for rwsdk (npm) Apr 8, 2026
zebbern Credited to zebbern
Cross-Site Request Forgery (CSRF) vulnerability in Analytify Simple Social Media Share Buttons... High Unreviewed
CVE-2026-34904 was published Apr 7, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database