Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,711
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

97 advisories

Loading
Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation... Critical Unreviewed
CVE-2024-45538 was published Dec 4, 2025
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack Critical
CVE-2025-62593 was published for ray (pip) Nov 26, 2025
JLLeitschuh avilum
Credited to JLLeitschuh and avilum
Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation.This issue affects BLU... Critical Unreviewed
CVE-2025-12479 was published Oct 29, 2025
Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress allows Upload a... Critical Unreviewed
CVE-2025-60156 was published Sep 26, 2025
Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images allows Code... Critical Unreviewed
CVE-2025-58255 was published Sep 22, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows Code Injection. This issue... Critical Unreviewed
CVE-2025-58997 was published Sep 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect allows Cross... Critical Unreviewed
CVE-2025-49381 was published Aug 20, 2025
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers Critical
CVE-2025-54782 was published for @nestjs/devtools-integration (npm) Aug 1, 2025
JLLeitschuh
Credited to JLLeitschuh
Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets allows Cross... Critical Unreviewed
CVE-2025-54010 was published Jul 16, 2025
Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer allows SQL Injection. This... Critical Unreviewed
CVE-2025-53314 was published Jun 27, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager allows... Critical Unreviewed
CVE-2025-48340 was published May 19, 2025
The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF... Critical Unreviewed
CVE-2025-2907 was published Apr 26, 2025
Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP allows Remote... Critical Unreviewed
CVE-2025-39601 was published Apr 16, 2025
Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell... Critical Unreviewed
CVE-2025-30967 was published Apr 16, 2025
Cross-Site Request Forgery (CSRF) vulnerability in anantaddons Anant Addons for Elementor allows... Critical Unreviewed
CVE-2025-32641 was published Apr 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon allows Remote Code... Critical Unreviewed
CVE-2025-32642 was published Apr 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop allows... Critical Unreviewed
CVE-2025-32576 was published Apr 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra Demo Importer allows Upload... Critical Unreviewed
CVE-2025-32496 was published Apr 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity allows Cross... Critical Unreviewed
CVE-2025-31033 was published Apr 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Jacob Schwartz WP e-Commerce Style Email... Critical Unreviewed
CVE-2025-30615 was published Mar 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in wpshopee Awesome Logos allows SQL Injection.... Critical Unreviewed
CVE-2025-30528 was published Mar 24, 2025
Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker... Critical Unreviewed
CVE-2025-26206 was published Mar 3, 2025
Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute... Critical Unreviewed
CVE-2025-25379 was published Mar 1, 2025
Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP allows... Critical Unreviewed
CVE-2025-25106 was published Feb 7, 2025
Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites allows Cross Site... Critical Unreviewed
CVE-2025-25107 was published Feb 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database