GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
6,996 advisories
Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS. This issue affects WP SMS:...
Moderate | Unreviewed | CVE-2024-30454 was published Mar 29, 2024

Missing Authorization vulnerability in Podlove Podlove Podcast Publisher. This issue affects...
High | Unreviewed | CVE-2024-32712 was published May 14, 2024

The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable...
High | Unreviewed | CVE-2024-13933 was published Mar 19, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows...
High | Unreviewed | CVE-2024-21752 was published Feb 29, 2024

Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data...
Critical | Unreviewed | CVE-2024-55089 was published Dec 18, 2024

A vulnerability classified as problematic was found in 猫宁i Morning up to...
Moderate | Unreviewed | CVE-2025-2420 was published Mar 18, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Recapture Cart Recovery and Email Marketing...
Moderate | Unreviewed | CVE-2025-26899 was published Mar 16, 2025

The Tripetto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up...
Moderate | Unreviewed | CVE-2025-1530 was published Mar 15, 2025

The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-1764 was published Mar 14, 2025

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross...
High | Unreviewed | CVE-2024-13913 was published Mar 14, 2025

A race condition was addressed with additional validation. This issue is fixed in macOS Ventura...
High | Unreviewed | CVE-2024-40815 was published Jul 30, 2024

idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal...
Low | Unreviewed | CVE-2024-35039 was published May 16, 2024

Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into...
Moderate | Unreviewed | CVE-2024-42056 was published Aug 22, 2024

Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
High | CVE-2015-7537 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022

Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
High | CVE-2015-7538 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022

Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
Low | CVE-2015-5318 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022

An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The...
Moderate | Unreviewed | CVE-2019-15002 was published Feb 11, 2025

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component:...
Moderate | Unreviewed | CVE-2024-21202 was published Oct 15, 2024

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the...
Moderate | Unreviewed | CVE-2024-28430 was published Mar 13, 2024

Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle...
Moderate | Unreviewed | CVE-2025-21550 was published Jan 21, 2025

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net...
Low | Unreviewed | CVE-2024-57159 was published Jan 16, 2025

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion...
High | Unreviewed | CVE-2020-36836 was published Oct 16, 2024

An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary...
Low | Unreviewed | CVE-2024-40455 was published Jul 16, 2024

A cross-site request forgery vulnerability exists in Sola Testimonials versions prior to 3.0.0....
High | Unreviewed | CVE-2024-38345 was published Jul 4, 2024

ProTip! Advisories are also available from the GraphQL API.