Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,474
Erlang
33
GitHub Actions
24
Go
2,203
Maven
5,000+
npm
3,845
NuGet
696
pip
3,635
Pub
12
RubyGems
911
Rust
912
Swift
38
Unreviewed advisories
All unreviewed
5,000+

7,046 advisories

Loading
aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the... High Unreviewed
CVE-2024-7760 was published Mar 20, 2025
A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of binary-husky/gpt_academic... High Unreviewed
CVE-2024-10819 was published Mar 20, 2025
A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability... Moderate Unreviewed
CVE-2024-10481 was published Mar 20, 2025
The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-1314 was published Mar 20, 2025
Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4 allows a remote attacker... Moderate Unreviewed
CVE-2025-25873 was published Mar 14, 2025
Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects... High Unreviewed
CVE-2024-32712 was published May 14, 2024
Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS.This issue affects WP SMS:... Moderate Unreviewed
CVE-2024-30454 was published Mar 29, 2024
The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable... High Unreviewed
CVE-2024-13933 was published Mar 19, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows... High Unreviewed
CVE-2024-21752 was published Feb 29, 2024
Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data... Critical Unreviewed
CVE-2024-55089 was published Dec 18, 2024
A vulnerability classified as problematic was found in 猫宁i Morning up to... Moderate Unreviewed
CVE-2025-2420 was published Mar 18, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Recapture Cart Recovery and Email Marketing... Moderate Unreviewed
CVE-2025-26899 was published Mar 16, 2025
The Tripetto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... Moderate Unreviewed
CVE-2025-1530 was published Mar 15, 2025
MailDev Remote Code Execution Critical
CVE-2024-27448 was published for maildev (npm) Apr 5, 2024
stypr
The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-1764 was published Mar 14, 2025
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross... High Unreviewed
CVE-2024-13913 was published Mar 14, 2025
A race condition was addressed with additional validation. This issue is fixed in macOS Ventura... High Unreviewed
CVE-2024-40815 was published Jul 30, 2024
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal... Low Unreviewed
CVE-2024-35039 was published May 16, 2024
Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into... Moderate Unreviewed
CVE-2024-42056 was published Aug 22, 2024
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack High
CVE-2015-7537 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack High
CVE-2015-7538 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack Low
CVE-2015-5318 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The... Moderate Unreviewed
CVE-2019-15002 was published Feb 11, 2025
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component:... Moderate Unreviewed
CVE-2024-21202 was published Oct 15, 2024
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the... Moderate Unreviewed
CVE-2024-28430 was published Mar 13, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database