GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,968 advisories
RedwoodSDK has Same-site CSRF through lack of origin validation in its server actions
Moderate · GHSA-m2m6-cff5-3w7c was published for rwsdk (npm) Apr 24, 2026
The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to...
Moderate · Unreviewed · CVE-2026-3565 was published Apr 24, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu Manager admin-menu-manager...
Moderate · Unreviewed · CVE-2025-26925 was published Apr 23, 2026
goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS
Moderate · GHSA-rhf7-wvw3-vjvm was published for github.com/patrickhener/goshs (Go) Apr 23, 2026
The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request...
Moderate · Unreviewed · CVE-2026-1852 was published Apr 22, 2026
The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Cross-Site Request...
Moderate · Unreviewed · CVE-2026-6293 was published Apr 22, 2026
The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up...
Moderate · Unreviewed · CVE-2026-4002 was published Apr 22, 2026
The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate · Unreviewed · CVE-2026-4091 was published Apr 22, 2026
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request...
Moderate · Unreviewed · CVE-2025-58922 was published Apr 22, 2026
The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate · Unreviewed · CVE-2026-6294 was published Apr 22, 2026
The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery...
Moderate · Unreviewed · CVE-2026-4140 was published Apr 22, 2026
The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery...
Moderate · Unreviewed · CVE-2026-4131 was published Apr 22, 2026
The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate · Unreviewed · CVE-2026-4138 was published Apr 22, 2026
The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate · Unreviewed · CVE-2026-4133 was published Apr 22, 2026
The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate · Unreviewed · CVE-2026-4139 was published Apr 22, 2026
The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate · Unreviewed · CVE-2026-6396 was published Apr 22, 2026
The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate · Unreviewed · CVE-2026-4090 was published Apr 22, 2026
The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up...
Moderate · Unreviewed · CVE-2026-4121 was published Apr 22, 2026
The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate · Unreviewed · CVE-2026-4118 was published Apr 22, 2026
Dovestones Softwares AD Self Update <4.0.0.5 is vulnerable to Cross Site Request Forgery (CSRF)....
Moderate · Unreviewed · CVE-2026-31014 was published Apr 21, 2026
Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150.
Moderate · Unreviewed · CVE-2026-6755 was published Apr 21, 2026
A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function...
Moderate · Unreviewed · CVE-2026-6589 was published Apr 20, 2026
apache-airflow-providers-keycloak: Missing OAuth 2.0 State and PKCE Enables Login CSRF and Session Fixation
Moderate · CVE-2026-40948 was published for apache-airflow-providers-keycloak (pip) Apr 18, 2026
Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2...
Moderate · Unreviewed · CVE-2026-28741 was published Apr 17, 2026
The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request...
Moderate · Unreviewed · CVE-2026-6451 was published Apr 17, 2026
ProTip! Advisories are also available from the GraphQL API