GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,634 advisories
A vulnerability in SenseLive X3050's web management interface allows state-changing operations to...
High | Unreviewed | CVE-2026-27841 was published Apr 24, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18...
High | Unreviewed | CVE-2026-4922 was published Apr 22, 2026

engram: HTTP server CORS wildcard + auth-off-by-default enables CSRF graph exfiltration and persistent indirect prompt injection
High | GHSA-2r2p-4cgf-hv7h was published for engramx (npm) Apr 22, 2026

Nginx-UI: Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints
High | CVE-2026-34403 was published for github.com/0xJacky/Nginx-UI (Go) Apr 21, 2026

PAC4J has a Cross-Site Request Forgery (CSRF) Vulnerability
High | CVE-2026-40458 was published for org.pac4j:pac4j-core (Maven) Apr 17, 2026

Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms...
High | Unreviewed | CVE-2026-40764 was published Apr 15, 2026

WWBN AVideo has Multiple CSRF Vulnerabilities in Admin JSON Endpoints (Category CRUD, Plugin Update Script)
High | CVE-2026-40926 was published for wwbn/avideo (Composer) Apr 14, 2026

WWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP Credentials
High | CVE-2026-40925 was published for wwbn/avideo (Composer) Apr 14, 2026

ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to...
High | Unreviewed | CVE-2019-25693 was published Apr 12, 2026

Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo...
High | Unreviewed | CVE-2026-39671 was published Apr 8, 2026

Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows...
High | Unreviewed | CVE-2026-39621 was published Apr 8, 2026

The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for...
High | Unreviewed | CVE-2026-3499 was published Apr 8, 2026

RedwoodSDK has a CSRF vulnerability in server function dispatch via GET requests
High | CVE-2026-39371 was published for rwsdk (npm) Apr 8, 2026

Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction, Coming Soon &...
High | Unreviewed | CVE-2026-34896 was published Apr 7, 2026

Cross-Site Request Forgery (CSRF) vulnerability in Analytify Simple Social Media Share Buttons...
High | Unreviewed | CVE-2026-34904 was published Apr 7, 2026

AVideo's CSRF on Admin Plugin Configuration Enables Payment Credential Hijacking
High | CVE-2026-34394 was published for wwbn/avideo (Composer) Mar 31, 2026

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A Cross-Site Request Forgery...
High | Unreviewed | CVE-2026-33373 was published Mar 30, 2026

A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGuard Fireware OS WebUI could allow...
High | Unreviewed | CVE-2026-4315 was published Mar 30, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7,...
High | Unreviewed | CVE-2026-3857 was published Mar 25, 2026

AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification
High | CVE-2026-33649 was published for wwbn/avideo (Composer) Mar 25, 2026

DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in ...
High | Unreviewed | CVE-2026-29839 was published Mar 24, 2026

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF...
High | Unreviewed | CVE-2026-31849 was published Mar 23, 2026

The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path...
High | Unreviewed | CVE-2025-14037 was published Mar 21, 2026

AVideo Affected by CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via Malicious Plugin Upload
High | CVE-2026-33507 was published for wwbn/avideo (Composer) Mar 20, 2026

Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows...
High | Unreviewed | CVE-2026-32989 was published Mar 20, 2026