Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,350
Erlang
31
GitHub Actions
22
Go
2,119
Maven
5,000+
npm
3,778
NuGet
680
pip
3,459
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

6,784 advisories

Loading
Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance... Moderate Unreviewed
CVE-2025-24546 was published Jan 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance... Moderate Unreviewed
CVE-2025-24543 was published Jan 24, 2025
The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed
CVE-2024-13683 was published Jan 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Media Library Mime Type allows... High Unreviewed
CVE-2025-22768 was published Jan 23, 2025
The Variation Swatches for WooCommerce plugin, in all versions starting at 1.0.8 up until 1.3.2,... Moderate Unreviewed
CVE-2024-13511 was published Jan 23, 2025
A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0... High Unreviewed
CVE-2024-56924 was published Jan 22, 2025
CSRF vulnerability in Jenkins Azure Service Fabric Plugin Moderate
CVE-2025-24402 was published for org.jenkins-ci.plugins:service-fabric (Maven) Jan 22, 2025
Bitbucket Server Integration Plugin allows bypassing CSRF protection for any URL High
CVE-2025-24398 was published for io.jenkins.plugins:atlassian-bitbucket-server-integration (Maven) Jan 22, 2025
Cross-Site Request Forgery (CSRF) vulnerability in PQINA Snippy allows Reflected XSS. This issue... High Unreviewed
CVE-2025-23803 was published Jan 22, 2025
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFarmer Ultimate Subscribe allows... High Unreviewed
CVE-2025-23806 was published Jan 22, 2025
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web... Moderate Unreviewed
CVE-2025-21538 was published Jan 21, 2025
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web... Moderate Unreviewed
CVE-2025-21507 was published Jan 21, 2025
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web... Moderate Unreviewed
CVE-2025-21513 was published Jan 21, 2025
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle... Moderate Unreviewed
CVE-2025-21526 was published Jan 21, 2025
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle... Moderate Unreviewed
CVE-2025-21528 was published Jan 21, 2025
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite ... Moderate Unreviewed
CVE-2025-21489 was published Jan 21, 2025
Cross-Site Request Forgery in CodeChecker API High
CVE-2024-53829 was published for codechecker (pip) Jan 21, 2025
Discookie
A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user... Moderate Unreviewed
CVE-2024-54792 was published Jan 21, 2025
Cross-Site Request Forgery (CSRF) vulnerability in anyroad.com AnyRoad allows Cross Site Request... Moderate Unreviewed
CVE-2025-23996 was published Jan 21, 2025
Cross-Site Request Forgery (CSRF) vulnerability in PPO Việt Nam (ppo.vn) PPO Call To Actions... High Unreviewed
CVE-2025-24001 was published Jan 21, 2025
The wp-greet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... Moderate Unreviewed
CVE-2024-13444 was published Jan 21, 2025
The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... Moderate Unreviewed
CVE-2024-12005 was published Jan 21, 2025
The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed
CVE-2024-12385 was published Jan 18, 2025
The Webcamconsult plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2024-13432 was published Jan 18, 2025
The ShipWorks Connector for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed
CVE-2024-13317 was published Jan 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database