GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,323
Maven
5,000+
npm
5,000+
NuGet
1,031
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,494
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
8,195 advisories
Filter by severity
The Loco Translate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
High
Unreviewed
CVE-2026-15005
was published
Jul 16, 2026
The Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages...
Moderate
Unreviewed
CVE-2026-12409
was published
Jul 16, 2026
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform...
High
Unreviewed
CVE-2026-20296
was published
Jul 15, 2026
Cross Site Request Forgery vulnerability in andreimarcu linux-server v.1.0 through v.2.3.8 allows...
High
Unreviewed
CVE-2026-52100
was published
Jul 14, 2026
Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a cross-site request...
High
Unreviewed
CVE-2026-58476
was published
Jul 14, 2026
Rejetto HFS 3.0.0 through 3.2.0 accepts state-changing API requests via the GET method and...
Moderate
Unreviewed
CVE-2026-61502
was published
Jul 13, 2026
Cross-Site Request Forgery (CSRF) vulnerability in hamsalam ووسلام – همگام سازی ووکامرس و...
High
Unreviewed
CVE-2026-61956
was published
Jul 13, 2026
Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core...
High
Unreviewed
CVE-2026-57786
was published
Jul 13, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Ray Enterprise Translation allows Cross...
High
Unreviewed
CVE-2026-15080
was published
Jul 11, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Salesforce Suite allows Cross Site...
Critical
Unreviewed
CVE-2026-13243
was published
Jul 11, 2026
The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after...
High
Unreviewed
CVE-2026-38057
was published
Jul 10, 2026
The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for...
Moderate
Unreviewed
CVE-2026-6440
was published
Jul 10, 2026
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request...
High
Unreviewed
CVE-2026-15070
was published
Jul 10, 2026
Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows...
High
Unreviewed
CVE-2026-58143
was published
Jul 10, 2026
The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable...
High
Unreviewed
CVE-2026-4275
was published
Jul 9, 2026
Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s...
Moderate
Unreviewed
CVE-2026-5923
was published
Jul 9, 2026
A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected...
Low
Unreviewed
CVE-2026-15034
was published
Jul 8, 2026
The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable...
Moderate
Unreviewed
CVE-2026-12002
was published
Jul 8, 2026
The Wp Js Detect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate
Unreviewed
CVE-2026-9731
was published
Jul 8, 2026
Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a...
Moderate
Unreviewed
CVE-2026-58315
was published
Jul 7, 2026
Leantime contains an OIDC login CSRF vulnerability in the verifyState() method that...
High
Unreviewed
CVE-2026-59713
was published
Jul 6, 2026
A weakness has been identified in imhamzaazam ecommerceFlask up to...
Low
Unreviewed
CVE-2026-14800
was published
Jul 6, 2026
Cross-Site Request Forgery (CSRF) vulnerability in properfraction CrawlWP SEO allows Cross Site...
Moderate
Unreviewed
CVE-2026-59520
was published
Jul 6, 2026
Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state...
High
Unreviewed
CVE-2026-12740
was published
Jul 4, 2026
Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0...
High
Unreviewed
CVE-2026-12746
was published
Jul 4, 2026
ProTip!
Advisories are also available from the
GraphQL API