GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
8,121 advisories
Cross site request forgery (CSRF) vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint...
Moderate | Unreviewed | CVE-2025-56009 was published Oct 23, 2025
Cross-Site Request Forgery (CSRF) vulnerability in FantasticPlugins SUMO Memberships for...
Unknown | Unreviewed | CVE-2025-62005 was published Oct 22, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN...
Unknown | Unreviewed | CVE-2025-62009 was published Oct 22, 2025
Cross-Site Request Forgery (CSRF) vulnerability in impleCode Product Catalog Simple post-type-x...
Moderate | Unreviewed | CVE-2025-62061 was published Oct 22, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Tusko Trush Advanced Custom Fields : CPT...
Moderate | Unreviewed | CVE-2025-60208 was published Oct 22, 2025
Cross-Site Request Forgery (CSRF) vulnerability in integrationshotelrunner HotelRunner Booking...
Moderate | Unreviewed | CVE-2025-60168 was published Oct 22, 2025
Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Media Categories wp-media...
Moderate | Unreviewed | CVE-2025-60134 was published Oct 22, 2025
Cross-Site Request Forgery (CSRF) vulnerability in johnh10 Video Blogster Lite video-blogster...
Moderate | Unreviewed | CVE-2025-60132 was published Oct 22, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Evergreen Content Poster Evergreen Content...
Moderate | Unreviewed | CVE-2025-49373 was published Oct 22, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Code Amp Search & Filter search-filter allows...
Moderate | Unreviewed | CVE-2025-48099 was published Oct 22, 2025
The PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-10588 was published Oct 22, 2025
Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks.
High | Unreviewed | CVE-2025-62771 was published Oct 22, 2025
Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system
High | CVE-2025-47410 was published for org.apache.geode:geode-web (Maven) | Oct 18, 2025
The Theme Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
High | Unreviewed | CVE-2025-9890 was published Oct 18, 2025
Spring Framework STOMP over WebSocket applications may allow attackers to send unauthorized messages
Moderate | CVE-2025-41254 was published for org.springframework:spring-websocket (Maven) | Oct 16, 2025
The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2025-10700 was published Oct 16, 2025
The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to...
Moderate | Unreviewed | CVE-2025-10300 was published Oct 15, 2025
The FunKItools plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate | Unreviewed | CVE-2025-10301 was published Oct 15, 2025
The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-10312 was published Oct 15, 2025
A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1...
High | Unreviewed | CVE-2025-60535 was published Oct 14, 2025
A cross-site request forgery security issue exists in the product and version listed. The...
High | Unreviewed | CVE-2025-7330 was published Oct 14, 2025
Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for...
Moderate | Unreviewed | CVE-2025-42908 was published Oct 14, 2025
The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request...
Low | Unreviewed | CVE-2025-8606 was published Oct 11, 2025
The Page Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate | Unreviewed | CVE-2025-9626 was published Oct 11, 2025
The WidgetPack Comment System plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate | Unreviewed | CVE-2025-9621 was published Oct 11, 2025