GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,369
Composer 4,373
Erlang 33
GitHub Actions 22
Go 2,135
Maven 5,313
npm 3,797
NuGet 687
pip 3,478
Pub 12
RubyGems 896
Rust 897
Swift 38

Unreviewed advisories

All unreviewed 245,367

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

3,297 advisories

Filter by severity

Sort by

Least recently updated

A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Affected is an... Moderate Unreviewed

CVE-2025-1557 was published Feb 22, 2025

A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to... Moderate Unreviewed

CVE-2025-25772 was published Feb 21, 2025

The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2024-13883 was published Feb 21, 2025

Versions of Gliffy Online prior to versions 4.14.0-7 contains a Cross Site Request Forgery (CSRF)... Moderate Unreviewed

CVE-2024-7141 was published Feb 20, 2025

The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2024-2959 was published May 2, 2024

The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2024-2960 was published May 2, 2024

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass... Moderate Unreviewed

CVE-2024-49779 was published Feb 20, 2025

The DeBounce Email Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed

CVE-2024-13339 was published Feb 19, 2025

The WP Media Category Management plugin for WordPress is vulnerable to Cross-Site Request Forgery... Moderate Unreviewed

CVE-2025-0865 was published Feb 19, 2025

The Disable Auto Updates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2024-13336 was published Feb 19, 2025

The Apptivo Business Site CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed

CVE-2024-13405 was published Feb 19, 2025

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed

CVE-2025-1441 was published Feb 19, 2025

The Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later plugin for WordPress... Moderate Unreviewed

CVE-2024-13718 was published Feb 18, 2025

The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site... Moderate Unreviewed

CVE-2024-13795 was published Feb 18, 2025

The MemorialDay plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed

CVE-2024-13523 was published Feb 18, 2025

The SpeedSize Image & Video AI-Optimizer plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed

CVE-2024-13438 was published Feb 18, 2025

The magayo Lottery Results plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed

CVE-2024-13522 was published Feb 18, 2025

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is... Moderate Unreviewed

CVE-2024-13555 was published Feb 18, 2025

The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery... Moderate Unreviewed

CVE-2025-0796 was published Feb 18, 2025

A vulnerability classified as problematic was found in Pix Software Vivaz 6.0.10. This... Moderate Unreviewed

CVE-2025-1358 was published Feb 16, 2025

The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed

CVE-2024-10581 was published Feb 15, 2025

Cross-Site Request Forgery (CSRF) vulnerability in bytesforall Atahualpa.This issue affects... Moderate Unreviewed

CVE-2024-27948 was published Feb 28, 2024

mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an... Moderate Unreviewed

CVE-2025-23411 was published Feb 14, 2025

The Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin plugin for... Moderate Unreviewed

CVE-2024-2326 was published Mar 23, 2024

The Book a Room plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed

CVE-2024-13437 was published Feb 12, 2025

Previous 1 2 3 4 5 … 131 132 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

3,297 advisories