Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

8,263 advisories

Loading
Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0. Moderate Unreviewed
CVE-2025-51733 was published Nov 28, 2025
The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed
CVE-2025-13737 was published Nov 28, 2025
Cross-Site Request Forgery in sqlite-web High
CVE-2021-23404 was published for sqlite-web (pip) Sep 9, 2021
JohnGale87
Credited to JohnGale87
Atro CSRF Middleware Bypass (security.checkOrigin) Moderate
CVE-2024-56140 was published for astro (npm) Dec 18, 2024
KageShiron ematipico
delucis ascorbic
Credited to KageShiron, ematipico, delucis, and ascorbic
The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Cross... Moderate Unreviewed
CVE-2025-13143 was published Nov 27, 2025
The Reuters Direct plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-12578 was published Nov 27, 2025
PAD CMS is vulnerable to Cross-Site Request Forgery in reset password's functionality. Malicious... Moderate Unreviewed
CVE-2025-8119 was published Sep 30, 2025
The Conditional Maintenance Mode for WordPress plugin for WordPress is vulnerable to Cross-Site... Moderate Unreviewed
CVE-2025-12586 was published Nov 25, 2025
The Peer Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed
CVE-2025-12587 was published Nov 25, 2025
Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a... Low Unreviewed
CVE-2025-62497 was published Nov 25, 2025
A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro... Moderate Unreviewed
CVE-2025-63952 was published Nov 24, 2025
A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro... Moderate Unreviewed
CVE-2025-63953 was published Nov 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0... High Unreviewed
CVE-2025-56400 was published Nov 24, 2025
The Zegen Core plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File... High Unreviewed
CVE-2025-11087 was published Nov 21, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Giveaways and Contests by... Moderate Unreviewed
CVE-2025-66064 was published Nov 21, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting... Moderate Unreviewed
CVE-2025-66061 was published Nov 21, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Igor Jerosimić I Order Terms i-order-terms... Moderate Unreviewed
CVE-2025-66097 was published Nov 21, 2025
The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-13142 was published Nov 21, 2025
The AuthorSure plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed
CVE-2025-13134 was published Nov 21, 2025
Cross-site request forgery vulnerability exists in LogStare Collector. If a user views a crafted... Moderate Unreviewed
CVE-2025-62687 was published Nov 21, 2025
Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented... Moderate Unreviewed
CVE-2025-59110 was published Nov 18, 2025
Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Malicious... Moderate Unreviewed
CVE-2025-59112 was published Nov 18, 2025
A Cross-Site Request Forgery (CSRF) vulnerability was identified in HCL Glovius Cloud. An... Moderate Unreviewed
CVE-2025-62346 was published Nov 20, 2025
Windu CMS is vulnerable to Cross-Site Request Forgery in file uploading functionality. Malicious... Moderate Unreviewed
CVE-2025-59114 was published Nov 18, 2025
The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all... Moderate Unreviewed
CVE-2025-12535 was published Nov 19, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database