Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

6,841 advisories

Loading
Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo allows... High Unreviewed
CVE-2025-27012 was published Feb 22, 2025
A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Affected is an... Moderate Unreviewed
CVE-2025-1557 was published Feb 22, 2025
Leantime allows Cross-Site Request Forgery (CSRF) Moderate
GHSA-92xh-6x7v-4rmq was published for leantime/leantime (Composer) Feb 21, 2025
dead1nfluence
A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to... Moderate Unreviewed
CVE-2025-25772 was published Feb 21, 2025
The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2024-13883 was published Feb 21, 2025
Versions of Gliffy Online prior to versions 4.14.0-7 contains a Cross Site Request Forgery (CSRF)... Moderate Unreviewed
CVE-2024-7141 was published Feb 20, 2025
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass... Moderate Unreviewed
CVE-2024-49779 was published Feb 20, 2025
The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery... High Unreviewed
CVE-2024-13753 was published Feb 20, 2025
Various Lexmark devices have CSRF that allows an attacker to modify the configuration of the device. High Unreviewed
CVE-2020-10095 was published Feb 19, 2025
The DeBounce Email Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2024-13339 was published Feb 19, 2025
The Disable Auto Updates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2024-13336 was published Feb 19, 2025
The WP Media Category Management plugin for WordPress is vulnerable to Cross-Site Request Forgery... Moderate Unreviewed
CVE-2025-0865 was published Feb 19, 2025
The Apptivo Business Site CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2024-13405 was published Feb 19, 2025
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed
CVE-2025-1441 was published Feb 19, 2025
The Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later plugin for WordPress... Moderate Unreviewed
CVE-2024-13718 was published Feb 18, 2025
The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site... Moderate Unreviewed
CVE-2024-13795 was published Feb 18, 2025
The MemorialDay plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed
CVE-2024-13523 was published Feb 18, 2025
The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery... Moderate Unreviewed
CVE-2025-0796 was published Feb 18, 2025
The SpeedSize Image & Video AI-Optimizer plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed
CVE-2024-13438 was published Feb 18, 2025
The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to,... High Unreviewed
CVE-2024-13684 was published Feb 18, 2025
The Shopwarden – Automated WooCommerce monitoring & testing plugin for WordPress is vulnerable to... High Unreviewed
CVE-2024-13315 was published Feb 18, 2025
The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0... High Unreviewed
CVE-2024-13852 was published Feb 18, 2025
The magayo Lottery Results plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2024-13522 was published Feb 18, 2025
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is... Moderate Unreviewed
CVE-2024-13555 was published Feb 18, 2025
Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field allows... High Unreviewed
CVE-2025-26768 was published Feb 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database