GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 5,000+; Erlang 40; GitHub Actions 41; Go 3,049; Maven 5,000+; npm 4,787; NuGet 825; pip 4,384; Pub 12; RubyGems 988; Rust 1,144; Swift 50
Unreviewed advisories: All unreviewed 5,000+
3,585 advisories
The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up...
High | Unreviewed | CVE-2025-12028 was published Oct 24, 2025

Cross-Site Request Forgery (CSRF) vulnerability in FantasticPlugins SUMO Memberships for...
High | Unreviewed | CVE-2025-62005 was published Oct 22, 2025

Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks.
High | Unreviewed | CVE-2025-62771 was published Oct 22, 2025

Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system
High | CVE-2025-47410 was published for org.apache.geode:geode-web (Maven) Oct 18, 2025

The Theme Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
High | Unreviewed | CVE-2025-9890 was published Oct 18, 2025

A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1...
High | Unreviewed | CVE-2025-60535 was published Oct 14, 2025

A cross-site request forgery security issue exists in the product and version listed. The...
High | Unreviewed | CVE-2025-7330 was published Oct 14, 2025

Cross Site Request Forgery (CSRF) vulnerability in EndRun Technologies Sonoma D12 Network Time...
High | Unreviewed | CVE-2025-60956 was published Oct 6, 2025

The TextBuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 1.0...
High | Unreviewed | CVE-2025-9213 was published Oct 3, 2025

Canonical LXD CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI
High | CVE-2025-54286 was published for github.com/canonical/lxd (Go) Oct 2, 2025

The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up...
High | Unreviewed | CVE-2025-7052 was published Sep 30, 2025

Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability...
High | Unreviewed | CVE-2025-35030 was published Sep 29, 2025

Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass
High | CVE-2025-59845 was published for @apollo/explorer (npm) Sep 26, 2025

Cross-Site Request Forgery (CSRF) vulnerability in NewsMAN NewsmanApp allows Stored XSS. This...
High | Unreviewed | CVE-2025-60164 was published Sep 26, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Taraprasad Swain HTACCESS IP Blocker allows...
High | Unreviewed | CVE-2025-60170 was published Sep 26, 2025

Cross-Site Request Forgery (CSRF) vulnerability in W3S Cloud Technology W3SCloud Contact Form 7...
High | Unreviewed | CVE-2025-60169 was published Sep 26, 2025

Cross-Site Request Forgery (CSRF) vulnerability in flytedesk Flytedesk Digital allows Stored XSS....
High | Unreviewed | CVE-2025-60172 was published Sep 26, 2025

Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditional Cart Messages for...
High | Unreviewed | CVE-2025-60171 was published Sep 26, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Ashwani kumar GST for WooCommerce allows...
High | Unreviewed | CVE-2025-60173 was published Sep 26, 2025

Cross-Site Request Forgery (CSRF) vulnerability in javothemes Javo Core allows Authentication...
High | Unreviewed | CVE-2025-60111 was published Sep 26, 2025

Cross-Site Request Forgery (CSRF) vulnerability in WP CMS Ninja Current Age Plugin allows Stored...
High | Unreviewed | CVE-2025-58687 was published Sep 22, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Casengo Casengo Live Chat Support allows...
High | Unreviewed | CVE-2025-58688 was published Sep 22, 2025

Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core allows Cross Site...
High | Unreviewed | CVE-2025-59572 was published Sep 22, 2025

Cross-Site Request Forgery (CSRF) vulnerability in ptibogxiv Doliconnect allows Stored XSS. This...
High | Unreviewed | CVE-2025-58690 was published Sep 22, 2025

Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System allows...
High | Unreviewed | CVE-2025-58956 was published Sep 22, 2025
ProTip! Advisories are also available from the GraphQL API.