GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,757
Maven: 5,000+
npm: 4,363
NuGet: 766
pip: 4,128
Pub: 12
RubyGems: 961
Rust: 1,070
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
8,342 advisories
The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross...
Moderate | Unreviewed | CVE-2025-14399 was published Dec 17, 2025

Cross-site request forgery vulnerability exists in GROWI v7.3.3 and earlier. If a user views a...
Moderate | Unreviewed | CVE-2025-64700 was published Dec 17, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Meks Meks Quick Plugin Disabler meks-quick...
Moderate | Unreviewed | CVE-2025-68083 was published Dec 16, 2025

Cross-Site Request Forgery (CSRF) vulnerability in SEMrush CY LTD Semrush Content Toolkit semrush...
Unknown | Unreviewed | CVE-2025-68082 was published Dec 16, 2025

Cross-Site Request Forgery (CSRF) vulnerability in freshchat Freshchat freshchat allows Cross...
Moderate | Unreviewed | CVE-2025-64240 was published Dec 16, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Yoav Farhi RTL Tester rtl-tester allows Cross...
Moderate | Unreviewed | CVE-2025-64239 was published Dec 16, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Graham Quick Interest Slider quick-interest...
Moderate | Unreviewed | CVE-2025-64237 was published Dec 16, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Astoundify Listify listify allows Cross Site...
Moderate | Unreviewed | CVE-2025-59009 was published Dec 16, 2025

Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System - Easy...
Moderate | Unreviewed | CVE-2025-58999 was published Dec 16, 2025

The Popover Windows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions...
Moderate | Unreviewed | CVE-2025-14394 was published Dec 13, 2025

The Image Slider by Ays- Responsive Slider and Carousel plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-14454 was published Dec 13, 2025

The Lucky Draw Contests plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-14462 was published Dec 13, 2025

OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of...
High | Unreviewed | CVE-2025-13970 was published Dec 13, 2025

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-12407 was published Dec 12, 2025

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-14159 was published Dec 12, 2025

Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0,...
Moderate | Unreviewed | CVE-2025-58576 was published Dec 12, 2025

The Kirim.Email WooCommerce Integration plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2025-14165 was published Dec 12, 2025

The Truefy Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate | Unreviewed | CVE-2025-14161 was published Dec 12, 2025

The BMLT WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-14162 was published Dec 12, 2025

The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate | Unreviewed | CVE-2025-14391 was published Dec 12, 2025

The Coding Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-14158 was published Dec 12, 2025

The Upcoming for Calendly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-14160 was published Dec 12, 2025

The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2025-14354 was published Dec 12, 2025

The Animated Pixel Marquee Creator plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2025-14062 was published Dec 12, 2025

The Purchase and Expense Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery...
Moderate | Unreviewed | CVE-2025-13987 was published Dec 12, 2025
ProTip! Advisories are also available from the GraphQL API.