GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
6,990 advisories
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow...
Moderate | Unreviewed | CVE-2025-1473 was published Mar 20, 2025

FlatPress CMS version latest is vulnerable to Cross-Site Request Forgery (CSRF) attacks that...
High | Unreviewed | CVE-2024-9847 was published Mar 20, 2025

A Cross-Site Request Forgery (CSRF) vulnerability in haotian-liu/llava v1.2.0 (LLaVA-1.6) allows...
Moderate | Unreviewed | CVE-2024-9311 was published Mar 20, 2025

A Cross-Site Request Forgery (CSRF) vulnerability in polyaxon/polyaxon v2.4.0 allows attackers to...
Moderate | Unreviewed | CVE-2024-9365 was published Mar 20, 2025

A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server,...
High | Unreviewed | CVE-2024-8489 was published Mar 20, 2025

A Cross-Site Request Forgery (CSRF) vulnerability in version v1.4.1 of danswer-ai/danswer allows...
High | Unreviewed | CVE-2024-8065 was published Mar 20, 2025

A Cross-Site Request Forgery (CSRF) vulnerability exists in the backend API of netease-youdao...
High | Unreviewed | CVE-2024-8026 was published Mar 20, 2025

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are...
Moderate | Unreviewed | CVE-2024-7035 was published Mar 20, 2025

A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non...
High | Unreviewed | CVE-2024-7806 was published Mar 20, 2025

aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the...
High | Unreviewed | CVE-2024-7760 was published Mar 20, 2025

A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest commit ...
Moderate | Unreviewed | CVE-2024-6841 was published Mar 20, 2025

A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of binary-husky/gpt_academic...
High | Unreviewed | CVE-2024-10819 was published Mar 20, 2025

In version 0.6.0 of eosphoros-ai/db-gpt, the `uvicorn` app created by `dbgpt_server` uses an...
High | Unreviewed | CVE-2024-10906 was published Mar 20, 2025

A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability...
Moderate | Unreviewed | CVE-2024-10481 was published Mar 20, 2025

The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-1314 was published Mar 20, 2025

The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable...
High | Unreviewed | CVE-2024-13933 was published Mar 19, 2025

A vulnerability classified as problematic was found in 猫宁i Morning up to...
Moderate | Unreviewed | CVE-2025-2420 was published Mar 18, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Recapture Cart Recovery and Email Marketing...
Moderate | Unreviewed | CVE-2025-26899 was published Mar 16, 2025

The Tripetto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up...
Moderate | Unreviewed | CVE-2025-1530 was published Mar 15, 2025

Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4 allows a remote attacker...
Moderate | Unreviewed | CVE-2025-25873 was published Mar 14, 2025

The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-1764 was published Mar 14, 2025

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross...
High | Unreviewed | CVE-2024-13913 was published Mar 14, 2025

Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top allows Cross...
Moderate | Unreviewed | CVE-2025-28940 was published Mar 11, 2025

Cross-Site Request Forgery (CSRF) vulnerability in ohtan Spam Byebye allows Cross Site Request...
Moderate | Unreviewed | CVE-2025-28941 was published Mar 11, 2025

Cross-Site Request Forgery (CSRF) vulnerability in BCS Website Solutions Insert Code allows...
High | Unreviewed | CVE-2025-28932 was published Mar 11, 2025

ProTip! Advisories are also available from the GraphQL API.