GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,737
Maven: 5,000+
npm: 4,337
NuGet: 764
pip: 4,112
Pub: 12
RubyGems: 960
Rust: 1,068
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
7,522 advisories
The Quantic Social Image Hover plugin for WordPress is vulnerable to Cross-Site Request Forgery...
Moderate
Unreviewed
CVE-2025-13360 was published Dec 5, 2025
The Hide Categories Or Products On Shop Page plugin for WordPress is vulnerable to Cross-Site...
Moderate
Unreviewed
CVE-2025-12128 was published Dec 5, 2025
The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai...
Moderate
Unreviewed
CVE-2025-12189 was published Dec 5, 2025
The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate
Unreviewed
CVE-2025-12190 was published Dec 5, 2025
The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2025-11759 was published Dec 5, 2025
Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation...
Critical
Unreviewed
CVE-2024-45538 was published Dec 4, 2025
The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross...
Moderate
Unreviewed
CVE-2025-12358 was published Dec 3, 2025
Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7...
Low
Unreviewed
CVE-2025-13871 was published Dec 2, 2025
The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site...
Moderate
Unreviewed
CVE-2025-13140 was published Dec 2, 2025
The Photo Gallery by Ays plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate
Unreviewed
CVE-2025-13685 was published Dec 2, 2025
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2025-13606 was published Dec 2, 2025
PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the...
High
Unreviewed
CVE-2025-65840 was published Dec 1, 2025
A cross-site request forgery (csrf) vulnerability exists in the WEBVIEW-M functionality of...
High
Unreviewed
CVE-2024-53684 was published Dec 1, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Tekrom Technology Inc. T-Soft E-Commerce...
Moderate
Unreviewed
CVE-2025-13296 was published Dec 1, 2025
A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This...
Moderate
Unreviewed
CVE-2025-13790 was published Nov 30, 2025
Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
Moderate
Unreviewed
CVE-2025-51733 was published Nov 28, 2025
The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request...
Moderate
Unreviewed
CVE-2025-13737 was published Nov 28, 2025
The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Cross...
Moderate
Unreviewed
CVE-2025-13143 was published Nov 27, 2025
The Reuters Direct plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate
Unreviewed
CVE-2025-12578 was published Nov 27, 2025
The Peer Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate
Unreviewed
CVE-2025-12587 was published Nov 25, 2025
The Conditional Maintenance Mode for WordPress plugin for WordPress is vulnerable to Cross-Site...
Moderate
Unreviewed
CVE-2025-12586 was published Nov 25, 2025
Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a...
Low
Unreviewed
CVE-2025-62497 was published Nov 25, 2025
Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0...
High
Unreviewed
CVE-2025-56400 was published Nov 24, 2025
A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro...
Moderate
Unreviewed
CVE-2025-63953 was published Nov 24, 2025
A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro...
Moderate
Unreviewed
CVE-2025-63952 was published Nov 24, 2025
ProTip! Advisories are also available from the GraphQL API.