GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,688
Maven: 5,000+
npm: 4,320
NuGet: 760
pip: 4,096
Pub: 12
RubyGems: 958
Rust: 1,063
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
8,247 advisories
PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the...
High | Unreviewed | CVE-2025-65840 was published Dec 1, 2025

Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7...
Low | Unreviewed | CVE-2025-13871 was published Dec 2, 2025

The Photo Gallery by Ays plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-13685 was published Dec 2, 2025

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site...
Moderate | Unreviewed | CVE-2025-13140 was published Dec 2, 2025

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-13606 was published Dec 2, 2025

A cross-site request forgery (csrf) vulnerability exists in the WEBVIEW-M functionality of...
High | Unreviewed | CVE-2024-53684 was published Dec 1, 2025

Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
Critical | CVE-2025-62593 was published for ray (pip) Nov 26, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Tekrom Technology Inc. T-Soft E-Commerce...
Moderate | Unreviewed | CVE-2025-13296 was published Dec 1, 2025

A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This...
Moderate | Unreviewed | CVE-2025-13790 was published Nov 30, 2025

Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
Moderate | Unreviewed | CVE-2025-51733 was published Nov 28, 2025

The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2025-13737 was published Nov 28, 2025

Cross-Site Request Forgery in sqlite-web
High | CVE-2021-23404 was published for sqlite-web (pip) Sep 9, 2021

Astro CSRF Middleware Bypass (security.checkOrigin)
Moderate | CVE-2024-56140 was published for astro (npm) Dec 18, 2024

The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Cross...
Moderate | Unreviewed | CVE-2025-13143 was published Nov 27, 2025

The Reuters Direct plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-12578 was published Nov 27, 2025

PAD CMS is vulnerable to Cross-Site Request Forgery in reset password's functionality. Malicious...
Moderate | Unreviewed | CVE-2025-8119 was published Sep 30, 2025

The Conditional Maintenance Mode for WordPress plugin for WordPress is vulnerable to Cross-Site...
Moderate | Unreviewed | CVE-2025-12586 was published Nov 25, 2025

The Peer Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate | Unreviewed | CVE-2025-12587 was published Nov 25, 2025

Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a...
Low | Unreviewed | CVE-2025-62497 was published Nov 25, 2025

A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro...
Moderate | Unreviewed | CVE-2025-63952 was published Nov 24, 2025

A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro...
Moderate | Unreviewed | CVE-2025-63953 was published Nov 24, 2025

Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0...
High | Unreviewed | CVE-2025-56400 was published Nov 24, 2025

The Zegen Core plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File...
High | Unreviewed | CVE-2025-11087 was published Nov 21, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Giveaways and Contests by...
Moderate | Unreviewed | CVE-2025-66064 was published Nov 21, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting...
Moderate | Unreviewed | CVE-2025-66061 was published Nov 21, 2025

ProTip! Advisories are also available from the GraphQL API