Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

91 advisories

Loading
Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect allows Cross... Critical Unreviewed
CVE-2025-49381 was published Aug 20, 2025
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers Critical
CVE-2025-54782 was published for @nestjs/devtools-integration (npm) Aug 1, 2025
JLLeitschuh
Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets allows Cross... Critical Unreviewed
CVE-2025-54010 was published Jul 16, 2025
Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer allows SQL Injection. This... Critical Unreviewed
CVE-2025-53314 was published Jun 27, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager allows... Critical Unreviewed
CVE-2025-48340 was published May 19, 2025
The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF... Critical Unreviewed
CVE-2025-2907 was published Apr 26, 2025
Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP allows Remote... Critical Unreviewed
CVE-2025-39601 was published Apr 16, 2025
Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell... Critical Unreviewed
CVE-2025-30967 was published Apr 16, 2025
Cross-Site Request Forgery (CSRF) vulnerability in anantaddons Anant Addons for Elementor allows... Critical Unreviewed
CVE-2025-32641 was published Apr 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon allows Remote Code... Critical Unreviewed
CVE-2025-32642 was published Apr 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop allows... Critical Unreviewed
CVE-2025-32576 was published Apr 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra Demo Importer allows Upload... Critical Unreviewed
CVE-2025-32496 was published Apr 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity allows Cross... Critical Unreviewed
CVE-2025-31033 was published Apr 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Jacob Schwartz WP e-Commerce Style Email... Critical Unreviewed
CVE-2025-30615 was published Mar 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in wpshopee Awesome Logos allows SQL Injection.... Critical Unreviewed
CVE-2025-30528 was published Mar 24, 2025
Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker... Critical Unreviewed
CVE-2025-26206 was published Mar 3, 2025
Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute... Critical Unreviewed
CVE-2025-25379 was published Mar 1, 2025
Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP allows... Critical Unreviewed
CVE-2025-25106 was published Feb 7, 2025
Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites allows Cross Site... Critical Unreviewed
CVE-2025-25107 was published Feb 7, 2025
Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites allows Cross Site... Critical Unreviewed
CVE-2025-25101 was published Feb 7, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder allows Upload a Web... Critical Unreviewed
CVE-2025-23922 was published Jan 16, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor allows... Critical Unreviewed
CVE-2025-23797 was published Jan 16, 2025
Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data... Critical Unreviewed
CVE-2024-55089 was published Dec 18, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Pearlbells Flash News / Post (Responsive)... Critical Unreviewed
CVE-2024-56012 was published Dec 16, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify allows Code Injection... Critical Unreviewed
CVE-2024-54372 was published Dec 16, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database