GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,725
Maven: 5,000+
npm: 4,331
NuGet: 763
pip: 4,107
Pub: 12
RubyGems: 960
Rust: 1,068
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
8,267 advisories
Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented...
Moderate | Unreviewed | CVE-2025-59110 was published Nov 18, 2025

A Cross-Site Request Forgery (CSRF) vulnerability exists in multiple WSO2 products due to the use...
High | Unreviewed | CVE-2025-6670 was published Nov 18, 2025

The Top Friends plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate | Unreviewed | CVE-2025-12827 was published Nov 18, 2025

The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-9625 was published Nov 18, 2025

The Project Honey Pot Spam Trap plugin for WordPress is vulnerable to Cross-Site Request Forgery...
Moderate | Unreviewed | CVE-2025-12406 was published Nov 18, 2025

The WP Admin Microblog plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-12173 was published Nov 18, 2025

The Like-it plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up...
Moderate | Unreviewed | CVE-2025-12404 was published Nov 18, 2025

Multiple CWE-352 Cross-Site Request Forgery (CSRF)
Moderate | Unreviewed | CVE-2025-55057 was published Nov 17, 2025

A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250728. This affects an...
Moderate | Unreviewed | CVE-2025-13177 was published Nov 14, 2025

A vulnerability has been found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory...
Moderate | Unreviewed | CVE-2025-13179 was published Nov 14, 2025

Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from...
Moderate | Unreviewed | CVE-2025-59480 was published Nov 13, 2025

A flaw has been found in Fabian Ros/SourceCodester Simple E-Banking System 1.0. This affects an...
Moderate | Unreviewed | CVE-2025-13119 was published Nov 13, 2025

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes WP Plugin Manager wp-plugin-manager...
Moderate | Unreviewed | CVE-2025-64271 was published Nov 13, 2025

Cross-Site Request Forgery (CSRF) vulnerability in ramon fincken Auto Prune Posts auto-prune...
Moderate | Unreviewed | CVE-2025-64262 was published Nov 13, 2025

A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via...
High | Unreviewed | CVE-2025-57310 was published Nov 12, 2025

A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users...
Moderate | Unreviewed | CVE-2025-60645 was published Nov 12, 2025

The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-12901 was published Nov 12, 2025

The YSlider plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site...
Moderate | Unreviewed | CVE-2025-12590 was published Nov 11, 2025

The WP-Walla plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross...
Moderate | Unreviewed | CVE-2025-12589 was published Nov 11, 2025

The USB Qr Code Scanner For Woocommerce plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2025-12588 was published Nov 11, 2025

The CTL Arcade Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-11886 was published Nov 11, 2025

The WP Custom Admin Login Page Logo plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2025-12132 was published Nov 11, 2025

Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User...
High | Unreviewed | CVE-2025-63712 was published Nov 10, 2025

A Cross-Site Request Forgery (CSRF) vulnerability in the SourceCodester Client Database...
High | Unreviewed | CVE-2025-63711 was published Nov 10, 2025

The send_message.php endpoint in SourceCodester Simple Public Chat Room 1.0 is vulnerable to...
Moderate | Unreviewed | CVE-2025-63710 was published Nov 10, 2025

ProTip! Advisories are also available from the GraphQL API.