GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
8,810 advisories
goshs has CSRF in state-changing GET routes enables authenticated file deletion and directory creation
Moderate | CVE-2026-40883 was published for github.com/patrickhener/goshs/v2 (Go) | Apr 14, 2026

PAC4J has a Cross-Site Request Forgery (CSRF) Vulnerability
High | CVE-2026-40458 was published for org.pac4j:pac4j-core (Maven) | Apr 17, 2026

WWBN AVideo is missing CSRF protection in objects/commentDelete.json.php enables mass comment deletion against moderators and content creators
Moderate | CVE-2026-40929 was published for wwbn/avideo (Composer) | Apr 14, 2026

WWBN AVideo: Missing CSRF Protection on State-Changing JSON Endpoints Enables Forced Comment Creation, Vote Manipulation, and Category Asset Deletion
Moderate | CVE-2026-40928 was published for wwbn/avideo (Composer) | Apr 14, 2026

WWBN AVideo has Multiple CSRF Vulnerabilities in Admin JSON Endpoints (Category CRUD, Plugin Update Script)
High | CVE-2026-40926 was published for wwbn/avideo (Composer) | Apr 14, 2026

WWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP Credentials
High | CVE-2026-40925 was published for wwbn/avideo (Composer) | Apr 14, 2026

RedwoodSDK has Same-site CSRF through lack of origin validation in its server actions
Moderate | GHSA-m2m6-cff5-3w7c was published for rwsdk (npm) | Apr 24, 2026

The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to...
Moderate | Unreviewed | CVE-2026-3565 was published | Apr 24, 2026

A vulnerability in SenseLive X3050's web management interface allows state-changing operations to...
High | Unreviewed | CVE-2026-27841 was published | Apr 24, 2026

OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when...
Low | Unreviewed | CVE-2026-41347 was published | Apr 24, 2026

hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints. Scripts...
Critical | Unreviewed | CVE-2026-40471 was published | Apr 23, 2026

Cross-Site Request Forgery (CSRF) vulnerability in wptasker WP Discord Post Plus – ...
Moderate | Unreviewed | CVE-2025-49896 was published | Aug 20, 2025

Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by PluginBuddy.Com allows...
High | Unreviewed | CVE-2025-49895 was published | Aug 16, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu Manager admin-menu-manager...
Moderate | Unreviewed | CVE-2025-26925 was published | Apr 23, 2026

Cross-Site Request Forgery (CSRF) vulnerability in RedNao WooCommerce PDF Invoice Builder.This...
Moderate | Unreviewed | CVE-2023-51486 was published | Mar 16, 2024

Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <= 1.22.3.31...
High | Unreviewed | CVE-2023-41730 was published | Oct 10, 2023

Cross-Site Request Forgery (CSRF) vulnerability in Marco Steinbrecher WP BrowserUpdate plugin <=...
High | Unreviewed | CVE-2023-31078 was published | Nov 10, 2023

Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions.
High | Unreviewed | CVE-2023-29235 was published | Oct 6, 2023

Cross-Site Request Forgery (CSRF) vulnerability in StoreApps Stock Manager for WooCommerce plugin...
High | Unreviewed | CVE-2023-35091 was published | Jul 11, 2023

Cross-Site Request Forgery (CSRF) vulnerability in Wpstream WpStream – Live Streaming, Video on...
High | Unreviewed | CVE-2023-38512 was published | Jul 27, 2023

Cross-Site Request Forgery (CSRF) vulnerability in Gora Tech LLC Cooked Pro allows Cross Site...
Moderate | Unreviewed | CVE-2024-49290 was published | Oct 20, 2024

Cross-Site Request Forgery (CSRF) vulnerability in Noor Alam WordPress Image SEO allows Cross...
Moderate | Unreviewed | CVE-2024-49627 was published | Oct 20, 2024

goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS
Moderate | GHSA-rhf7-wvw3-vjvm was published for github.com/patrickhener/goshs (Go) | Apr 23, 2026

engram: HTTP server CORS wildcard + auth-off-by-default enables CSRF graph exfiltration and persistent indirect prompt injection
High | GHSA-2r2p-4cgf-hv7h was published for engramx (npm) | Apr 22, 2026

The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2026-6293 was published | Apr 22, 2026

ProTip! Advisories are also available from the GraphQL API.