GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 50
Go: 3,599
Maven: 5,000+
npm: 5,000+
NuGet: 924
pip: 4,828
Pub: 13
RubyGems: 1,045
Rust: 1,256
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
7,973 advisories
The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to...
Moderate · Unreviewed · CVE-2026-3565 was published Apr 24, 2026

A vulnerability in SenseLive X3050's web management interface allows state-changing operations to...
High · Unreviewed · CVE-2026-27841 was published Apr 24, 2026

OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when...
Low · Unreviewed · CVE-2026-41347 was published Apr 24, 2026

hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints. Scripts...
Critical · Unreviewed · CVE-2026-40471 was published Apr 23, 2026

Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu Manager admin-menu-manager...
Moderate · Unreviewed · CVE-2025-26925 was published Apr 23, 2026

The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request...
Moderate · Unreviewed · CVE-2026-1852 was published Apr 22, 2026

The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Cross-Site Request...
Moderate · Unreviewed · CVE-2026-6293 was published Apr 22, 2026

The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up...
Moderate · Unreviewed · CVE-2026-4002 was published Apr 22, 2026

The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate · Unreviewed · CVE-2026-4091 was published Apr 22, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18...
High · Unreviewed · CVE-2026-4922 was published Apr 22, 2026

Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request...
Moderate · Unreviewed · CVE-2025-58922 was published Apr 22, 2026

The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate · Unreviewed · CVE-2026-6294 was published Apr 22, 2026

The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery...
Moderate · Unreviewed · CVE-2026-4140 was published Apr 22, 2026

The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery...
Moderate · Unreviewed · CVE-2026-4131 was published Apr 22, 2026

The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate · Unreviewed · CVE-2026-4138 was published Apr 22, 2026

The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate · Unreviewed · CVE-2026-4133 was published Apr 22, 2026

The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate · Unreviewed · CVE-2026-4139 was published Apr 22, 2026

The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate · Unreviewed · CVE-2026-6396 was published Apr 22, 2026

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate · Unreviewed · CVE-2026-4090 was published Apr 22, 2026

The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up...
Moderate · Unreviewed · CVE-2026-4121 was published Apr 22, 2026

The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate · Unreviewed · CVE-2026-4118 was published Apr 22, 2026

Dovestones Softwares AD Self Update <4.0.0.5 is vulnerable to Cross Site Request Forgery (CSRF)....
Moderate · Unreviewed · CVE-2026-31014 was published Apr 21, 2026

Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150.
Moderate · Unreviewed · CVE-2026-6755 was published Apr 21, 2026

A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function...
Moderate · Unreviewed · CVE-2026-6589 was published Apr 20, 2026

Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2...
Moderate · Unreviewed · CVE-2026-28741 was published Apr 17, 2026
ProTip! Advisories are also available from the GraphQL API.