Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

8,166 advisories

Loading
The PayPal Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed
CVE-2025-10309 was published Oct 3, 2025
The Comment Info Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-10311 was published Oct 3, 2025
The MPWizard – Create Mercado Pago Payment Links plugin for WordPress is vulnerable to Cross-Site... Moderate Unreviewed
CVE-2025-9885 was published Oct 3, 2025
The WP SinoType plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed
CVE-2025-9630 was published Oct 3, 2025
The Optimize More! – CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-9945 was published Oct 3, 2025
The Restrict User Registration plugin for WordPress is vulnerable to Cross-Site Request Forgery... Moderate Unreviewed
CVE-2025-9892 was published Oct 3, 2025
Canonical LXD CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI High
CVE-2025-54286 was published for github.com/canonical/lxd (Go) Oct 2, 2025
The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site... High Unreviewed
CVE-2024-2125 was published Apr 9, 2024
The LockerPress – WordPress Security Plugin plugin for WordPress is vulnerable to Cross-Site... Moderate Unreviewed
CVE-2025-9946 was published Sep 30, 2025
The Chat by Chatwee plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-9948 was published Sep 30, 2025
PAD CMS is vulnerable to Cross-Site Request Forgery in reset password's functionality. Malicious... Moderate Unreviewed
CVE-2025-8119 was published Sep 30, 2025
The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... High Unreviewed
CVE-2025-7052 was published Sep 30, 2025
Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability... High Unreviewed
CVE-2025-35030 was published Sep 29, 2025
A multiple Cross-site scripting (XSS) vulnerability in the '/members/moremember.pl', and ‘... High Unreviewed
CVE-2024-24336 was published Mar 20, 2024
Cross Site Request Forgery (CSRF) vulnerability exists in the 'pvmsg.php?action=add_message',... High Unreviewed
CVE-2024-51144 was published Mar 5, 2025
Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass High
CVE-2025-59845 was published for @apollo/explorer (npm) Sep 26, 2025
ekzyis 0x9x-ui
Credited to ekzyis and 0x9x-ui
The Professional Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2025-9944 was published Sep 27, 2025
The HidePost plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... Moderate Unreviewed
CVE-2025-9896 was published Sep 27, 2025
The Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms plugin for... Moderate Unreviewed
CVE-2025-9899 was published Sep 27, 2025
A vulnerability has been found in SourceCodester Pet Grooming Management Software 1.0. This... Moderate Unreviewed
CVE-2025-11051 was published Sep 27, 2025
The cForms – Light speed fast Form Builder plugin for WordPress is vulnerable to Cross-Site... Moderate Unreviewed
CVE-2025-9898 was published Sep 27, 2025
The Sync Feedly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed
CVE-2025-9894 was published Sep 27, 2025
The VM Menu Reorder plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2025-9893 was published Sep 27, 2025
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-10499 was published Sep 27, 2025
IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site request forgery... Moderate Unreviewed
CVE-2024-43192 was published Sep 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database