Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,343
Erlang
31
GitHub Actions
22
Go
2,107
Maven
5,000+
npm
3,764
NuGet
679
pip
3,452
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

3,244 advisories

Loading
Cross-Site Request Forgery (CSRF) vulnerability in WP Attire Attire Blocks allows Cross Site... Moderate Unreviewed
CVE-2025-24696 was published Jan 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in G5Theme Essential Real Estate allows Cross... Moderate Unreviewed
CVE-2025-24698 was published Jan 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Job Board Manager allows Cross... Moderate Unreviewed
CVE-2025-24622 was published Jan 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Security Really Simple SSL... Moderate Unreviewed
CVE-2025-24623 was published Jan 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search allows Cross... Moderate Unreviewed
CVE-2025-24572 was published Jan 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates allows... Moderate Unreviewed
CVE-2025-24568 was published Jan 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance... Moderate Unreviewed
CVE-2025-24543 was published Jan 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance... Moderate Unreviewed
CVE-2025-24546 was published Jan 24, 2025
The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed
CVE-2024-13683 was published Jan 24, 2025
The Variation Swatches for WooCommerce plugin, in all versions starting at 1.0.8 up until 1.3.2,... Moderate Unreviewed
CVE-2024-13511 was published Jan 23, 2025
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web... Moderate Unreviewed
CVE-2025-21538 was published Jan 21, 2025
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web... Moderate Unreviewed
CVE-2025-21507 was published Jan 21, 2025
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web... Moderate Unreviewed
CVE-2025-21513 was published Jan 21, 2025
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite ... Moderate Unreviewed
CVE-2025-21489 was published Jan 21, 2025
Cross-Site Request Forgery (CSRF) vulnerability in anyroad.com AnyRoad allows Cross Site Request... Moderate Unreviewed
CVE-2025-23996 was published Jan 21, 2025
A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user... Moderate Unreviewed
CVE-2024-54792 was published Jan 21, 2025
The wp-greet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... Moderate Unreviewed
CVE-2024-13444 was published Jan 21, 2025
The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... Moderate Unreviewed
CVE-2024-12005 was published Jan 21, 2025
The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed
CVE-2024-12385 was published Jan 18, 2025
The Webcamconsult plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2024-13432 was published Jan 18, 2025
The ShipWorks Connector for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed
CVE-2024-13317 was published Jan 18, 2025
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19 are vulnerable to cross... Moderate Unreviewed
CVE-2024-26153 was published Jan 17, 2025
Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER allows Cross Site... Moderate Unreviewed
CVE-2025-23765 was published Jan 16, 2025
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net... Moderate Unreviewed
CVE-2024-57160 was published Jan 16, 2025
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net... Moderate Unreviewed
CVE-2024-57161 was published Jan 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database