GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,844
Maven: 5,000+
npm: 4,470
NuGet: 779
pip: 4,231
Pub: 12
RubyGems: 974
Rust: 1,093
Swift: 48

Unreviewed advisories
All unreviewed: 5,000+
8,469 advisories
IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to...
Low | Unreviewed | CVE-2025-36411 was published Jan 20, 2026

The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross...
Moderate | Unreviewed | CVE-2026-1051 was published Jan 20, 2026

A security vulnerability has been detected in birkir prime up to 0.4.0.beta.0. This vulnerability...
Moderate | Unreviewed | CVE-2026-1169 was published Jan 19, 2026

A vulnerability was detected in technical-laohu mpay up to 1.2.4. This affects an unknown...
Moderate | Unreviewed | CVE-2026-1153 was published Jan 19, 2026

A vulnerability was determined in SourceCodester/Patrick Mvuma Patients Waiting Area Queue...
Moderate | Unreviewed | CVE-2026-1148 was published Jan 19, 2026

A security flaw has been discovered in PHPGurukul News Portal 1.0. The impacted element is an...
Moderate | Unreviewed | CVE-2026-1142 was published Jan 19, 2026

Ubee EVW327 contains a cross-site request forgery vulnerability that allows attackers to enable...
Moderate | Unreviewed | CVE-2021-47820 was published Jan 16, 2026

The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2025-14853 was published Jan 16, 2026

b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to...
Moderate | Unreviewed | CVE-2021-47800 was published Jan 16, 2026

alextselegidis/easyappointments is Vulnerable to CSRF Protection Bypass
High | CVE-2026-23622 was published for alextselegidis/easyappointments (Composer) Jan 15, 2026

Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to...
Moderate | Unreviewed | CVE-2021-47754 was published Jan 15, 2026

The Stopwords for comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate | Unreviewed | CVE-2025-15376 was published Jan 14, 2026

The SocialChamp with WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery...
Moderate | Unreviewed | CVE-2025-14846 was published Jan 14, 2026

The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-15377 was published Jan 14, 2026

The DASHBOARD BUILDER – WordPress plugin for Charts and Graphs plugin for WordPress is vulnerable...
High | Unreviewed | CVE-2025-14615 was published Jan 14, 2026

The WPBlogSyn plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to,...
Moderate | Unreviewed | CVE-2025-14389 was published Jan 14, 2026

Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App Intercompany Balance...
Moderate | Unreviewed | CVE-2026-0493 was published Jan 13, 2026

A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin...
Moderate | Unreviewed | CVE-2021-41074 was published Jan 12, 2026

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User...
Moderate | Unreviewed | CVE-2025-14976 was published Jan 10, 2026

GestSup versions up to and including 3.2.56 contain a cross-site request forgery (CSRF)...
High | Unreviewed | CVE-2026-22194 was published Jan 9, 2026

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for...
Moderate | Unreviewed | CVE-2025-13749 was published Jan 9, 2026

Authlib has 1-click Account Takeover vulnerability
Moderate | CVE-2025-68158 was published for authlib (pip) Jan 8, 2026

React Router has CSRF issue in Action/Server Action Request Processing
Moderate | CVE-2026-22030 was published for @remix-run/server-runtime (npm) Jan 8, 2026

Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print...
Moderate | Unreviewed | CVE-2025-61547 was published Jan 8, 2026

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery...
Moderate | Unreviewed | CVE-2019-25259 was published Jan 8, 2026

ProTip! Advisories are also available from the GraphQL API.