GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
9,088 advisories
Filter by severity
Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a cross-site request...
High
Unreviewed
CVE-2026-58476
was published
Jul 14, 2026
Kimai: Login CSRF in the Timesheet Stop and Restart API Endpoints Allows Unauthorized State Changes
Moderate
CVE-2026-52823
was published
for
kimai/kimai
(Composer)
Jul 14, 2026
Kimai: Login CSRF in Default Team Creation Endpoints Allows Unauthorized Team and Permission Structure Changes
Moderate
CVE-2026-49992
was published
for
kimai/kimai
(Composer)
Jul 13, 2026
Rejetto HFS 3.0.0 through 3.2.0 accepts state-changing API requests via the GET method and...
Moderate
Unreviewed
CVE-2026-61502
was published
Jul 13, 2026
Cross-Site Request Forgery (CSRF) vulnerability in hamsalam ووسلام – همگام سازی ووکامرس و...
High
Unreviewed
CVE-2026-61956
was published
Jul 13, 2026
Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core...
High
Unreviewed
CVE-2026-57786
was published
Jul 13, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Salesforce Suite allows Cross Site...
Critical
Unreviewed
CVE-2026-13243
was published
Jul 11, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Ray Enterprise Translation allows Cross...
High
Unreviewed
CVE-2026-15080
was published
Jul 11, 2026
The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after...
High
Unreviewed
CVE-2026-38057
was published
Jul 10, 2026
The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for...
Moderate
Unreviewed
CVE-2026-6440
was published
Jul 10, 2026
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request...
High
Unreviewed
CVE-2026-15070
was published
Jul 10, 2026
Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows...
High
Unreviewed
CVE-2026-58143
was published
Jul 10, 2026
YesWiki Vulnerable to Authenticated PHP Object Injection in BazarImportAction via unserialize
Critical
CVE-2026-52777
was published
for
yeswiki/yeswiki
(Composer)
Jul 9, 2026
Admidio: CSRF on Plugin Install, Uninstall, and Update via Unprotected GET Requests
Moderate
CVE-2026-53760
was published
for
admidio/admidio
(Composer)
Jul 9, 2026
The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable...
High
Unreviewed
CVE-2026-4275
was published
Jul 9, 2026
Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s...
Moderate
Unreviewed
CVE-2026-5923
was published
Jul 9, 2026
Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE
High
CVE-2026-49471
was published
for
serena-agent
(pip)
Jul 8, 2026
Waku: Cross-Origin CSRF on RSC Server Action Dispatch
Moderate
CVE-2026-49455
was published
for
waku
(npm)
Jul 8, 2026
Joro: Unauthenticated Cross-Origin Plugin Upload Leads to RCE
Critical
CVE-2026-53649
was published
for
github.com/BishopFox/joro
(Go)
Jul 8, 2026
A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected...
Low
Unreviewed
CVE-2026-15034
was published
Jul 8, 2026
The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable...
Moderate
Unreviewed
CVE-2026-12002
was published
Jul 8, 2026
The Wp Js Detect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate
Unreviewed
CVE-2026-9731
was published
Jul 8, 2026
ha-mcp: Add-on settings and policy routes are reachable without authentication at the bare root path
Moderate
GHSA-q855-8rh5-jfgq
was published
for
ha-mcp
(pip)
Jul 7, 2026
New API is vulnerable to CSRF through user email binding
Moderate
CVE-2026-44342
was published
for
github.com/QuantumNous/new-api
(Go)
Jul 7, 2026
Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a...
Moderate
Unreviewed
CVE-2026-58315
was published
Jul 7, 2026
ProTip!
Advisories are also available from the
GraphQL API