GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,833
Composer 5,055
Erlang 39
GitHub Actions 38
Go 2,685
Maven 6,134
npm 4,318
NuGet 760
pip 4,092
Pub 12
RubyGems 958
Rust 1,063
Swift 45

Unreviewed advisories

All unreviewed 278,480

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

8,242 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

A cross-site request forgery (csrf) vulnerability exists in the WEBVIEW-M functionality of... High Unreviewed

CVE-2024-53684 was published Dec 1, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Tekrom Technology Inc. T-Soft E-Commerce... Moderate Unreviewed

CVE-2025-13296 was published Dec 1, 2025

A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This... Moderate Unreviewed

CVE-2025-13790 was published Nov 30, 2025

Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0. Moderate Unreviewed

CVE-2025-51733 was published Nov 28, 2025

The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed

CVE-2025-13737 was published Nov 28, 2025

The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Cross... Moderate Unreviewed

CVE-2025-13143 was published Nov 27, 2025

The Reuters Direct plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2025-12578 was published Nov 27, 2025

Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack Critical

CVE-2025-62593 was published for ray (pip) Nov 26, 2025

Credited to JLLeitschuh and avilum

The Conditional Maintenance Mode for WordPress plugin for WordPress is vulnerable to Cross-Site... Moderate Unreviewed

CVE-2025-12586 was published Nov 25, 2025

The Peer Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed

CVE-2025-12587 was published Nov 25, 2025

Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a... Low Unreviewed

CVE-2025-62497 was published Nov 25, 2025

Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0... High Unreviewed

CVE-2025-56400 was published Nov 24, 2025

A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro... Moderate Unreviewed

CVE-2025-63952 was published Nov 24, 2025

A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro... Moderate Unreviewed

CVE-2025-63953 was published Nov 24, 2025

The Zegen Core plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File... High Unreviewed

CVE-2025-11087 was published Nov 21, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Igor Jerosimić I Order Terms i-order-terms... Moderate Unreviewed

CVE-2025-66097 was published Nov 21, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Giveaways and Contests by... Moderate Unreviewed

CVE-2025-66064 was published Nov 21, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting... Moderate Unreviewed

CVE-2025-66061 was published Nov 21, 2025

The Custom Post Type plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2025-13142 was published Nov 21, 2025

The AuthorSure plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed

CVE-2025-13134 was published Nov 21, 2025

Cross-site request forgery vulnerability exists in LogStare Collector. If a user views a crafted... Moderate Unreviewed

CVE-2025-62687 was published Nov 21, 2025

A Cross-Site Request Forgery (CSRF) vulnerability was identified in HCL Glovius Cloud. An... Moderate Unreviewed

CVE-2025-62346 was published Nov 20, 2025

The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all... Moderate Unreviewed

CVE-2025-12535 was published Nov 19, 2025

A Cross-Site Request Forgery (CSRF) vulnerability in the manage-students.php component of... High Unreviewed

CVE-2025-63955 was published Nov 18, 2025

Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Malicious... Moderate Unreviewed

CVE-2025-59112 was published Nov 18, 2025

Previous1…330 Next

Previous 1 2 3 4 5 … 329 330 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

8,242 advisories