Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,827
Erlang
36
GitHub Actions
32
Go
2,442
Maven
5,000+
npm
4,061
NuGet
723
pip
3,861
Pub
12
RubyGems
941
Rust
1,007
Swift
38
Unreviewed advisories
All unreviewed
5,000+

7,836 advisories

Loading
The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to... Moderate Unreviewed
CVE-2025-8891 was published Aug 13, 2025
The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery... Moderate Unreviewed
CVE-2025-8491 was published Aug 13, 2025
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and... High Unreviewed
CVE-2025-49555 was published Aug 12, 2025
A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue... Moderate Unreviewed
CVE-2025-8814 was published Aug 10, 2025
Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Compress – Image Optimizer [All... Moderate Unreviewed
CVE-2024-32106 was published Apr 11, 2024
A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This... Moderate Unreviewed
CVE-2025-8739 was published Aug 8, 2025
Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module High
CVE-2023-35030 was published for com.liferay.portal:release.dxp.bom (Maven) Jun 15, 2023
Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin. High Unreviewed
CVE-2025-22963 was published Jan 13, 2025
A Cross-Site Request Forgery (CSRF) in Elgato's Key Lights and related light products allows an... Moderate Unreviewed
CVE-2025-7202 was published Aug 6, 2025
MLflow Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2025-1473 was published for mlflow (pip) Mar 20, 2025
A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is... Moderate Unreviewed
CVE-2025-5988 was published Aug 4, 2025
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers Critical
CVE-2025-54782 was published for @nestjs/devtools-integration (npm) Aug 1, 2025
JLLeitschuh
A vulnerability has been found in 495300897 wx-shop up to... Moderate Unreviewed
CVE-2025-8505 was published Aug 3, 2025
Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add... Moderate Unreviewed
CVE-2025-50847 was published Jul 31, 2025
A vulnerability classified as problematic has been found in code-projects Simple Car Rental... Moderate Unreviewed
CVE-2025-8335 was published Jul 31, 2025
Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console Critical
CVE-2024-8980 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 22, 2024
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery in Terms of Use Page High
CVE-2021-29050 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Feb 21, 2024
In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint Moderate Unreviewed
CVE-2025-54536 was published Jul 28, 2025
In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow Moderate Unreviewed
CVE-2025-54528 was published Jul 28, 2025
In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration Low Unreviewed
CVE-2025-54529 was published Jul 28, 2025
A vulnerability, which was classified as problematic, was found in jerryshensjf JPACookieShop... Moderate Unreviewed
CVE-2025-8223 was published Jul 27, 2025
The Memory Usage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed
CVE-2025-8104 was published Jul 27, 2025
The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Cross-Site Request Forgery... Moderate Unreviewed
CVE-2025-8103 was published Jul 26, 2025
Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart).... Moderate Unreviewed
CVE-2025-30746 was published Jul 15, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp.This issue affects Simplehelp:... Moderate Unreviewed
CVE-2025-36728 was published Jul 25, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database