GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
8,166 advisories
Cross-Site Request Forgery (CSRF) vulnerability in integrationshotelrunner HotelRunner Booking...
Moderate | Unreviewed | CVE-2025-60168 was published Oct 22, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Evergreen Content Poster Evergreen Content...
Moderate | Unreviewed | CVE-2025-49373 was published Oct 22, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Code Amp Search & Filter search-filter allows...
Moderate | Unreviewed | CVE-2025-48099 was published Oct 22, 2025

The PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-10588 was published Oct 22, 2025

Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks.
High | Unreviewed | CVE-2025-62771 was published Oct 22, 2025

Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system
High | CVE-2025-47410 was published for org.apache.geode:geode-web (Maven) Oct 18, 2025

The Theme Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
High | Unreviewed | CVE-2025-9890 was published Oct 18, 2025

Spring Framework STOMP over WebSocket applications may allow attackers to send unauthorized messages
Moderate | CVE-2025-41254 was published for org.springframework:spring-websocket (Maven) Oct 16, 2025

The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2025-10700 was published Oct 16, 2025

The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to...
Moderate | Unreviewed | CVE-2025-10300 was published Oct 15, 2025

The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-10312 was published Oct 15, 2025

The FunKItools plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate | Unreviewed | CVE-2025-10301 was published Oct 15, 2025

A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1...
High | Unreviewed | CVE-2025-60535 was published Oct 14, 2025

A cross-site request forgery security issue exists in the product and version listed. The...
High | Unreviewed | CVE-2025-7330 was published Oct 14, 2025

Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for...
Moderate | Unreviewed | CVE-2025-42908 was published Oct 14, 2025

The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request...
Low | Unreviewed | CVE-2025-8606 was published Oct 11, 2025

The Page Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate | Unreviewed | CVE-2025-9626 was published Oct 11, 2025

The WidgetPack Comment System plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate | Unreviewed | CVE-2025-9621 was published Oct 11, 2025

The Course Redirects for Learndash plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2025-10376 was published Oct 11, 2025

The Web Accessibility By accessiBe plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2025-10375 was published Oct 11, 2025

Liferay Portal is vulnerable to CSRF through publication comments
Moderate | CVE-2025-62245 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 10, 2025

A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An...
Moderate | Unreviewed | CVE-2025-43296 was published Oct 9, 2025

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2025-11166 was published Oct 9, 2025

A security flaw has been discovered in JhumanJ OpnForm up to 1.9.3. The impacted element is an...
Moderate | Unreviewed | CVE-2025-11442 was published Oct 8, 2025

Cross Site Request Forgery (CSRF) vulnerability in EndRun Technologies Sonoma D12 Network Time...
High | Unreviewed | CVE-2025-60956 was published Oct 6, 2025