Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

7,977 advisories

Loading
A vulnerability, which was classified as problematic, was found in DaiCuo up to 1.3.13. This... Moderate Unreviewed
CVE-2025-6865 was published Jun 29, 2025
A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2.... Moderate Unreviewed
CVE-2025-6864 was published Jun 29, 2025
A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the... High Unreviewed
CVE-2025-24289 was published Jun 29, 2025
A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera... Moderate Unreviewed
CVE-2025-34050 was published Jul 1, 2025
Spree Auth Devise vulnerability allows for authentication bypass through CSRF weakness Critical
CVE-2021-41275 was published for spree_auth_devise (RubyGems) Nov 18, 2021
Duplicate Advisory: Authentication Bypass by CSRF Weakness Critical
GHSA-8xfw-5q82-3652 was published for spree_auth_devise (RubyGems) Nov 18, 2021 withdrawn
jasnow
Duplicate Advisory: Authentication Bypass by CSRF Weakness Critical
GHSA-6mqr-q86q-6gwr was published for spree_auth_devise (RubyGems) Nov 18, 2021 withdrawn
jasnow tdunlap607
Duplicate Advisory: Authentication Bypass by CSRF Weakness Critical
GHSA-gpqc-4pp7-5954 was published for spree_auth_devise (RubyGems) Nov 18, 2021 withdrawn
jasnow dsten56
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is... High Unreviewed
CVE-2025-6459 was published Jul 2, 2025
Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and... Low Unreviewed
CVE-2025-52463 was published Jul 2, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Laundry on Linux, MacOS allows to perform an... High Unreviewed
CVE-2025-52841 was published Jul 2, 2025
The application is vulnerable to cross-site request forgery. An attacker can trick a valid,... Moderate Unreviewed
CVE-2025-27454 was published Jul 3, 2025
The RD Contacto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed
CVE-2025-5933 was published Jul 4, 2025
The WP Firebase Push Notification plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed
CVE-2025-5924 was published Jul 4, 2025
The yContributors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-6041 was published Jul 4, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Brian S. Reed Contact Form 7 reCAPTCHA allows... Moderate Unreviewed
CVE-2025-23972 was published Jul 4, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli Radio Station allows Cross Site... Moderate Unreviewed
CVE-2025-53568 was published Jul 4, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Trust Payments Trust Payments Gateway for... Moderate Unreviewed
CVE-2025-53569 was published Jul 4, 2025
A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3... Moderate Unreviewed
CVE-2025-7078 was published Jul 6, 2025
A vulnerability classified as problematic has been found in CodeAstro Online Movie Ticket Booking... Moderate Unreviewed
CVE-2025-7133 was published Jul 7, 2025
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform... Moderate Unreviewed
CVE-2025-20321 was published Jul 7, 2025
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform... Moderate Unreviewed
CVE-2025-20322 was published Jul 7, 2025
Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server allows Cross Site Request Forgery... High Unreviewed
CVE-2025-0669 was published May 7, 2025
ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage#executeClear() do not validate... High Unreviewed
CVE-2025-53483 was published Jul 4, 2025
A security bypass vulnerability allows exploitation via Reverse Tabnabbing, a type of phishing... Moderate Unreviewed
CVE-2025-7379 was published Jul 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database