Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,950
Maven
5,000+
npm
4,596
NuGet
787
pip
4,301
Pub
12
RubyGems
982
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

8,547 advisories

Loading
The TITLE ANIMATOR plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2026-1082 was published Feb 7, 2026
Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability... Moderate Unreviewed
CVE-2020-37079 was published Feb 7, 2026
Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows... Moderate Unreviewed
CVE-2020-37106 was published Feb 7, 2026
The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2026-1785 was published Feb 6, 2026
Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers... Moderate Unreviewed
CVE-2020-37144 was published Feb 5, 2026
HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add... Moderate Unreviewed
CVE-2020-37145 was published Feb 5, 2026
Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery (CSRF) that can lead... Moderate Unreviewed
CVE-2020-37149 was published Feb 5, 2026
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows... Moderate Unreviewed
CVE-2020-37118 was published Feb 5, 2026
IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud... Moderate Unreviewed
CVE-2024-40685 was published Feb 5, 2026
A vulnerability was identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb.... Moderate Unreviewed
CVE-2026-1835 was published Feb 4, 2026
Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows... Moderate Unreviewed
CVE-2020-37091 was published Feb 4, 2026
Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering... Moderate Unreviewed
CVE-2020-37096 was published Feb 4, 2026
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior does not implement CSRF protections... Moderate Unreviewed
CVE-2026-24434 was published Feb 3, 2026
Qwik City CSRF protection middleware does not work properly for content type header with parameters (eg. multipart/form-data) Moderate
CVE-2026-25155 was published for @builder.io/qwik-city (npm) Feb 3, 2026
Qwik City has a CSRF Protection Bypass via Content-Type Header Validation Moderate
CVE-2026-25151 was published for @builder.io/qwik-city (npm) Feb 3, 2026
KageShiron
Credited to KageShiron
Cross-Site Request Forgery (CSRF) vulnerability in Blair Williams ThirstyAffiliates... Moderate Unreviewed
CVE-2026-25024 was published Feb 3, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site... Moderate Unreviewed
CVE-2026-25015 was published Feb 3, 2026
Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows... Moderate Unreviewed
CVE-2026-25014 was published Feb 3, 2026
Cross-Site Request Forgery (CSRF) vulnerability in wp.insider Simple Membership WP user Import... Moderate Unreviewed
CVE-2026-24986 was published Feb 3, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Copyscape Copyscape Premium copyscape-premium... Moderate Unreviewed
CVE-2026-24966 was published Feb 3, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sigmize sigmize allows Cross... Unknown Unreviewed
CVE-2026-24962 was published Feb 3, 2026
Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEvently mage-eventpress... Moderate Unreviewed
CVE-2026-24942 was published Feb 3, 2026
The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... Moderate Unreviewed
CVE-2026-1447 was published Feb 3, 2026
Cross-site request forgery vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. If a user... Moderate Unreviewed
CVE-2026-20704 was published Feb 3, 2026
The Five Star Restaurant Reservations WordPress plugin before 2.7.9 does not have CSRF checks in... Moderate Unreviewed
CVE-2026-0658 was published Feb 2, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database