GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
8,984 advisories
MISP contains an insecure default configuration in which the Security.check_sec_fetch_site_header...
Severity: High (Unreviewed). CVE-2026-54359 was published Jun 12, 2026.

Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker
Severity: Moderate. CVE-2026-48147 was published for @budibase/backend-core (npm) Jun 12, 2026.

Improper state verification in the OAuth implementation could allow an attacker to manipulate the...
Severity: High (Unreviewed). CVE-2026-48612 was published Jun 12, 2026.

Cross-Site request forgery (CSRF) vulnerability in weDevs WooCommerce Conversion Tracking allows...
Severity: Moderate (Unreviewed). CVE-2022-47150 was published Jun 11, 2026.

Cross-Site request forgery (CSRF) vulnerability in YITH YITH WooCommerce Product Slider Carousel...
Severity: Moderate (Unreviewed). CVE-2022-44630 was published Jun 11, 2026.

Cross-Site request forgery (CSRF) vulnerability in Magepeople inc. WpEvently allows Cross Site...
Severity: Moderate (Unreviewed). CVE-2024-32110 was published Jun 11, 2026.

Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the...
Severity: Moderate (Unreviewed). CVE-2026-53736 was published Jun 11, 2026.

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the...
Severity: Moderate (Unreviewed). CVE-2026-53739 was published Jun 11, 2026.

Nezha has cross-site GET request that can trigger stored cron commands on a victim's agents
Severity: High. CVE-2026-49396 was published for github.com/nezhahq/nezha (Go) Jun 10, 2026.

A cross-site request forgery (CSRF) vulnerability has been reported to affect Notification Center...
Severity: Moderate (Unreviewed). CVE-2025-58468 was published Jun 10, 2026.

SemCms 5.0 is vulnerable to Cross Site Request Forgery (CSRF) via crafted POST request to /admin...
Severity: Moderate (Unreviewed). CVE-2026-39170 was published Jun 9, 2026.

The FastPicker, an order picker and order management system (oms) for WooCommerce on steroids...
Severity: Moderate (Unreviewed). CVE-2026-8904 was published Jun 9, 2026.

The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions...
Severity: Moderate (Unreviewed). CVE-2026-8907 was published Jun 9, 2026.

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Severity: Moderate (Unreviewed). CVE-2026-8910 was published Jun 9, 2026.

The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to...
Severity: Moderate (Unreviewed). CVE-2026-8909 was published Jun 9, 2026.

The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Severity: Moderate (Unreviewed). CVE-2026-8940 was published Jun 9, 2026.

The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Severity: Moderate (Unreviewed). CVE-2026-8902 was published Jun 9, 2026.

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Severity: Moderate (Unreviewed). CVE-2026-10553 was published Jun 9, 2026.

nebula-mesh's web UI lacks CSRF tokens on /ui/* mutating endpoints
Severity: High. CVE-2026-47725 was published for github.com/juev/nebula-mesh (Go) Jun 8, 2026.

Cross-Site Request Forgery (CSRF) vulnerability in Akınsoft QR Menü allows Cross Site Request...
Severity: High (Unreviewed). CVE-2025-0610 was published Jun 6, 2026.

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is...
Severity: Moderate (Unreviewed). CVE-2026-9719 was published Jun 6, 2026.

The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Severity: Moderate (Unreviewed). CVE-2026-7047 was published Jun 6, 2026.

Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote...
Severity: High (Unreviewed). CVE-2026-11265 was published Jun 5, 2026.

Inappropriate implementation in UI in Google Chrome on Android prior to 149.0.7827.53 allowed a...
Severity: Moderate (Unreviewed). CVE-2026-11270 was published Jun 5, 2026.

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote...
Severity: Moderate (Unreviewed). CVE-2026-11155 was published Jun 5, 2026.