Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

7,976 advisories

Loading
MLflow Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2025-1473 was published for mlflow (pip) Mar 20, 2025
A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is... Moderate Unreviewed
CVE-2025-5988 was published Aug 4, 2025
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers Critical
CVE-2025-54782 was published for @nestjs/devtools-integration (npm) Aug 1, 2025
JLLeitschuh
A vulnerability has been found in 495300897 wx-shop up to... Moderate Unreviewed
CVE-2025-8505 was published Aug 3, 2025
Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add... Moderate Unreviewed
CVE-2025-50847 was published Jul 31, 2025
A vulnerability classified as problematic has been found in code-projects Simple Car Rental... Moderate Unreviewed
CVE-2025-8335 was published Jul 31, 2025
Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console Critical
CVE-2024-8980 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 22, 2024
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery in Terms of Use Page High
CVE-2021-29050 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Feb 21, 2024
In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint Moderate Unreviewed
CVE-2025-54536 was published Jul 28, 2025
In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow Moderate Unreviewed
CVE-2025-54528 was published Jul 28, 2025
In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration Low Unreviewed
CVE-2025-54529 was published Jul 28, 2025
A vulnerability, which was classified as problematic, was found in jerryshensjf JPACookieShop... Moderate Unreviewed
CVE-2025-8223 was published Jul 27, 2025
The Memory Usage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed
CVE-2025-8104 was published Jul 27, 2025
The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Cross-Site Request Forgery... Moderate Unreviewed
CVE-2025-8103 was published Jul 26, 2025
Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart).... Moderate Unreviewed
CVE-2025-30746 was published Jul 15, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp.This issue affects Simplehelp:... Moderate Unreviewed
CVE-2025-36728 was published Jul 25, 2025
The Affiliate Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-7690 was published Jul 25, 2025
The iThoughts Advanced Code Editor plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed
CVE-2025-7835 was published Jul 25, 2025
A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an... High Unreviewed
CVE-2021-1257 was published May 24, 2022
Cross-site request forgery (CSRF) vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to... Moderate Unreviewed
CVE-2024-11014 was published Nov 29, 2024
The Omnishop plugin for WordPress is vulnerable to Cross-Site Request Forgery on its /users... Moderate Unreviewed
CVE-2025-6214 was published Jul 23, 2025
The YANewsflash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed
CVE-2025-6054 was published Jul 23, 2025
Firebase vulnerable to CRSF attack Low
CVE-2024-4128 was published for firebase-tools (npm) May 2, 2024
Aim vulnerable to Cross-Site Request Forgery High
CVE-2024-7760 was published for aim (pip) Mar 20, 2025
The Like & Share My Site plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-7685 was published Jul 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database