Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

3,269 advisories

Loading
The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2024-9661 was published Feb 7, 2025
Cross-Site Request Forgery (CSRF) vulnerability in saleandro Songkick Concerts and Festivals... Moderate Unreviewed
CVE-2025-25146 was published Feb 7, 2025
Cross-Site Request Forgery (CSRF) vulnerability in jordan.hatch Infusionsoft Analytics allows... Moderate Unreviewed
CVE-2025-25145 was published Feb 7, 2025
Cross-Site Request Forgery (CSRF) vulnerability in ibasit GlobalQuran allows Cross Site Request... Moderate Unreviewed
CVE-2025-25143 was published Feb 7, 2025
Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check WP Spell Check allows Cross... Moderate Unreviewed
CVE-2025-25111 was published Feb 7, 2025
Cross-Site Request Forgery (CSRF) vulnerability in bnielsen Indeed API allows Cross Site Request... Moderate Unreviewed
CVE-2025-25103 was published Feb 7, 2025
Cross-Site Request Forgery (CSRF) vulnerability in paulswarthout Child Themes Helper allows Path... Moderate Unreviewed
CVE-2025-25093 was published Feb 7, 2025
A vulnerability, which was classified as problematic, has been found in Mindskip xzs-mysql... Moderate Unreviewed
CVE-2025-1084 was published Feb 7, 2025
Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packers and Movers Management... Moderate Unreviewed
CVE-2024-57523 was published Feb 6, 2025
A cross-site request forgery (CSRF) vulnerability in the pjActionUpdate function of PHPJabbers... Moderate Unreviewed
CVE-2024-57429 was published Feb 6, 2025
A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected... Moderate Unreviewed
CVE-2025-1074 was published Feb 6, 2025
IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to... Moderate Unreviewed
CVE-2024-49794 was published Feb 6, 2025
IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to... Moderate Unreviewed
CVE-2024-49795 was published Feb 6, 2025
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross... Moderate Unreviewed
CVE-2024-35138 was published Feb 4, 2025
The DSGVO All in one for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2024-13356 was published Feb 4, 2025
The ShopSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... Moderate Unreviewed
CVE-2024-13510 was published Feb 4, 2025
Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2... Moderate Unreviewed
CVE-2025-24982 was published Feb 4, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Abinav Thakuri WordPress Signature allows... Moderate Unreviewed
CVE-2025-22704 was published Feb 3, 2025
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to... Moderate Unreviewed
CVE-2023-38739 was published Jan 31, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Brainvireinfo Dynamic URL SEO allows Cross... Moderate Unreviewed
CVE-2025-23985 was published Jan 31, 2025
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to... Moderate Unreviewed
CVE-2024-1211 was published Jan 31, 2025
The Wonder FontAwesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2024-13512 was published Jan 30, 2025
The CP Contact Form with PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery... Moderate Unreviewed
CVE-2024-13758 was published Jan 30, 2025
The MailUp Auto Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2024-13521 was published Jan 28, 2025
Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction ... Moderate Unreviewed
CVE-2025-24540 was published Jan 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database