GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,750
Maven: 5,000+
npm: 4,356
NuGet: 765
pip: 4,117
Pub: 12
RubyGems: 960
Rust: 1,069
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
8,333 advisories

Liferay Portal Vulnerable to CSRF in Headless APIs
Severity: High. CVE-2025-62258 was published for com.liferay.portal:release.portal.bom (Maven) on Oct 28, 2025.

Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User...
Severity: High (Unreviewed). CVE-2025-63712 was published on Nov 10, 2025.

Multiple CWE-352 Cross-Site Request Forgery (CSRF)
Severity: Moderate (Unreviewed). CVE-2025-55057 was published on Nov 17, 2025.

The Top Friends plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Severity: Moderate (Unreviewed). CVE-2025-12827 was published on Nov 18, 2025.

The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Severity: Moderate (Unreviewed). CVE-2025-9625 was published on Nov 18, 2025.

The WP Admin Microblog plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Severity: Moderate (Unreviewed). CVE-2025-12173 was published on Nov 18, 2025.

The Like-it plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up...
Severity: Moderate (Unreviewed). CVE-2025-12404 was published on Nov 18, 2025.

The Project Honey Pot Spam Trap plugin for WordPress is vulnerable to Cross-Site Request Forgery...
Severity: Moderate (Unreviewed). CVE-2025-12406 was published on Nov 18, 2025.

A Cross-Site Request Forgery (CSRF) vulnerability exists in multiple WSO2 products due to the use...
Severity: High (Unreviewed). CVE-2025-6670 was published on Nov 18, 2025.

A Cross-Site Request Forgery (CSRF) vulnerability in the manage-students.php component of...
Severity: High (Unreviewed). CVE-2025-63955 was published on Nov 18, 2025.

The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all...
Severity: Moderate (Unreviewed). CVE-2025-12535 was published on Nov 19, 2025.

Windu CMS is vulnerable to Cross-Site Request Forgery in file uploading functionality. Malicious...
Severity: Moderate (Unreviewed). CVE-2025-59114 was published on Nov 18, 2025.

A Cross-Site Request Forgery (CSRF) vulnerability was identified in HCL Glovius Cloud. An...
Severity: Moderate (Unreviewed). CVE-2025-62346 was published on Nov 20, 2025.

Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Malicious...
Severity: Moderate (Unreviewed). CVE-2025-59112 was published on Nov 18, 2025.

Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented...
Severity: Moderate (Unreviewed). CVE-2025-59110 was published on Nov 18, 2025.

Cross-site request forgery vulnerability exists in LogStare Collector. If a user views a crafted...
Severity: Moderate (Unreviewed). CVE-2025-62687 was published on Nov 21, 2025.

The AuthorSure plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Severity: Moderate (Unreviewed). CVE-2025-13134 was published on Nov 21, 2025.

The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Severity: Moderate (Unreviewed). CVE-2025-13142 was published on Nov 21, 2025.

Cross-Site Request Forgery (CSRF) vulnerability in Igor Jerosimić I Order Terms i-order-terms...
Severity: Moderate (Unreviewed). CVE-2025-66097 was published on Nov 21, 2025.

Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting...
Severity: Moderate (Unreviewed). CVE-2025-66061 was published on Nov 21, 2025.

Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Giveaways and Contests by...
Severity: Moderate (Unreviewed). CVE-2025-66064 was published on Nov 21, 2025.

The Zegen Core plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File...
Severity: High (Unreviewed). CVE-2025-11087 was published on Nov 21, 2025.

Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0...
Severity: High (Unreviewed). CVE-2025-56400 was published on Nov 24, 2025.

A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro...
Severity: Moderate (Unreviewed). CVE-2025-63953 was published on Nov 24, 2025.

A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro...
Severity: Moderate (Unreviewed). CVE-2025-63952 was published on Nov 24, 2025.

ProTip! Advisories are also available from the GraphQL API.