GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 91
GitHub Actions: 54
Go: 4,194
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,422
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
9,043 advisories
The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to...
High
Unreviewed
CVE-2026-12158 was published Jul 1, 2026
Cross-Site request forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki -...
Moderate
Unreviewed
CVE-2026-58518 was published Jul 1, 2026
The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to,...
Moderate
Unreviewed
CVE-2026-11981 was published Jul 1, 2026
KTM System e-BOK is vulnerable to Cross‑Site Request Forgery (CSRF) in both the email-change and...
Moderate
Unreviewed
CVE-2026-35096 was published Jun 30, 2026
The Plugin for Google Analytics by IO technologies plugin for WordPress is vulnerable to Cross...
Moderate
Unreviewed
CVE-2026-8944 was published Jun 30, 2026
The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2...
High
Unreviewed
CVE-2026-43735 was published Jun 29, 2026
Cross Site Request Forgery vulnerability in Squidex.io Squidex CMS v.7.21.0 and before allows a...
Moderate
Unreviewed
CVE-2026-31016 was published Jun 29, 2026
A vulnerability was found in CodeAstro Human Resource Management System 1.0. Impacted is an...
Low
Unreviewed
CVE-2026-13537 was published Jun 29, 2026
The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to...
Moderate
Unreviewed
CVE-2026-13422 was published Jun 27, 2026
Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.
Moderate
Unreviewed
CVE-2026-57641 was published Jun 26, 2026
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
High
Unreviewed
CVE-2026-57655 was published Jun 26, 2026
Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin...
High
Unreviewed
CVE-2026-57659 was published Jun 26, 2026
Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.
Moderate
Unreviewed
CVE-2026-57657 was published Jun 26, 2026
Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe...
Moderate
Unreviewed
CVE-2026-57635 was published Jun 26, 2026
Unauthenticated Cross Site Request Forgery (CSRF) in Abandoned Cart Lite for WooCommerce <= 6.8.0...
Moderate
Unreviewed
CVE-2026-57637 was published Jun 26, 2026
Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <= 1.3.4.3 versions.
High
Unreviewed
CVE-2025-68052 was published Jun 26, 2026
A cross-site request forgery (CSRF) vulnerability in Jenkins Contrast Continuous Application...
Moderate
Unreviewed
CVE-2026-57298 was published Jun 24, 2026
A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50...
Moderate
Unreviewed
CVE-2026-57306 was published Jun 24, 2026
A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025...
High
Unreviewed
CVE-2026-12986 was published Jun 24, 2026
A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier...
Moderate
Unreviewed
CVE-2026-57305 was published Jun 24, 2026
A cross-site request forgery (CSRF) vulnerability in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_...
Moderate
Unreviewed
CVE-2026-57292 was published Jun 24, 2026
A cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936...
Moderate
Unreviewed
CVE-2026-57290 was published Jun 24, 2026
A cross-site request forgery (CSRF) vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539...
Moderate
Unreviewed
CVE-2026-57295 was published Jun 24, 2026
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331...
Moderate
Unreviewed
CVE-2026-57283 was published Jun 24, 2026
The Osiris Signature Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate
Unreviewed
CVE-2026-8905 was published Jun 24, 2026
ProTip! Advisories are also available from the GraphQL API.