Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,634
Maven
5,000+
npm
4,258
NuGet
760
pip
4,051
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

95 advisories

Loading
An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1... Critical Unreviewed
CVE-2024-34502 was published May 5, 2024
Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation.This issue affects BLU... Critical Unreviewed
CVE-2025-12479 was published Oct 29, 2025
Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress allows Upload a... Critical Unreviewed
CVE-2025-60156 was published Sep 26, 2025
Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images allows Code... Critical Unreviewed
CVE-2025-58255 was published Sep 22, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows Code Injection. This issue... Critical Unreviewed
CVE-2025-58997 was published Sep 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect allows Cross... Critical Unreviewed
CVE-2025-49381 was published Aug 20, 2025
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers Critical
CVE-2025-54782 was published for @nestjs/devtools-integration (npm) Aug 1, 2025
JLLeitschuh
Credited to JLLeitschuh
Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console Critical
CVE-2024-8980 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 22, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets allows Cross... Critical Unreviewed
CVE-2025-54010 was published Jul 16, 2025
Duplicate Advisory: Authentication Bypass by CSRF Weakness Critical
GHSA-gpqc-4pp7-5954 was published for spree_auth_devise (RubyGems) Nov 18, 2021 withdrawn
jasnow dsten56
Credited to jasnow and dsten56
Duplicate Advisory: Authentication Bypass by CSRF Weakness Critical
GHSA-6mqr-q86q-6gwr was published for spree_auth_devise (RubyGems) Nov 18, 2021 withdrawn
jasnow tdunlap607
Credited to jasnow and tdunlap607
Duplicate Advisory: Authentication Bypass by CSRF Weakness Critical
GHSA-8xfw-5q82-3652 was published for spree_auth_devise (RubyGems) Nov 18, 2021 withdrawn
jasnow
Credited to jasnow
Spree Auth Devise vulnerability allows for authentication bypass through CSRF weakness Critical
CVE-2021-41275 was published for spree_auth_devise (RubyGems) Nov 18, 2021
Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer allows SQL Injection. This... Critical Unreviewed
CVE-2025-53314 was published Jun 27, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager allows... Critical Unreviewed
CVE-2025-48340 was published May 19, 2025
The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF... Critical Unreviewed
CVE-2025-2907 was published Apr 26, 2025
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing... Critical Unreviewed
CVE-2017-16780 was published May 13, 2022
Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP allows Remote... Critical Unreviewed
CVE-2025-39601 was published Apr 16, 2025
Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell... Critical Unreviewed
CVE-2025-30967 was published Apr 16, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop allows... Critical Unreviewed
CVE-2025-32576 was published Apr 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra Demo Importer allows Upload... Critical Unreviewed
CVE-2025-32496 was published Apr 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity allows Cross... Critical Unreviewed
CVE-2025-31033 was published Apr 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon allows Remote Code... Critical Unreviewed
CVE-2025-32642 was published Apr 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in anantaddons Anant Addons for Elementor allows... Critical Unreviewed
CVE-2025-32641 was published Apr 9, 2025
eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an... Critical Unreviewed
CVE-2024-44677 was published Sep 10, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database