GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,963
Erlang: 39
GitHub Actions: 38
Go: 2,615
Maven: 5,000+
npm: 4,255
NuGet: 760
pip: 4,036
Pub: 12
RubyGems: 953
Rust: 1,049
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
4,487 advisories

Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes Bard bardwp allows Cross Site...
Moderate, Unreviewed
CVE-2025-64368 was published Oct 31, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner advanced...
Moderate, Unreviewed
CVE-2025-64357 was published Oct 31, 2025

The Depicter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less...
Moderate, Unreviewed
CVE-2025-8383 was published Oct 31, 2025

Quick.Cart is vulnerable to Cross-Site Request Forgery in product creation functionality....
Moderate, Unreviewed
CVE-2025-10317 was published Oct 30, 2025

Drupal Currency allows Cross Site Request Forgery
Moderate
CVE-2025-10930 was published for drupal/currency (Composer) Oct 30, 2025

Jenkins Publish to Bitbucket Plugin vulnerable to CSRF and missing permissions check
Moderate
CVE-2025-64149 was published for org.jenkins-ci.plugins:publish-to-bitbucket (Maven) Oct 29, 2025

Jenkins Themis Plugin vulnerable to cross-site request forgery
Moderate
CVE-2025-64136 was published for org.jenkins-ci.plugins:themis (Maven) Oct 29, 2025

Jenkins Extensible Choice Parameter Plugin vulnerable to cross-site request forgery
Moderate
CVE-2025-64133 was published for jp.ikedam.jenkins.plugins:extensible-choice-parameter (Maven) Oct 29, 2025

Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery
Moderate
CVE-2025-64141 was published for org.jenkins-ci.plugins:nexus-task-runner (Maven) Oct 29, 2025

Jenkins Start Windocks Containers Plugin vulnerable to cross-site request forgery
Moderate
CVE-2025-64138 was published for org.jenkins-ci.plugins:windocks-start-container (Maven) Oct 29, 2025

A CSRF issue was discovered in the administrative web GUI in Blu-Castle BCUM221E 1.0.0P220507....
Moderate, Unreviewed
CVE-2024-45161 was published Oct 29, 2025

Cross-Site Request Forgery (CSRF) vulnerability in WpEstate WP Rentals wprentals allows Cross...
Moderate, Unreviewed
CVE-2025-64286 was published Oct 29, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce premmerce allows Cross...
Moderate, Unreviewed
CVE-2025-64288 was published Oct 29, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Product Search for...
Moderate, Unreviewed
CVE-2025-64290 was published Oct 29, 2025

Cross-Site Request Forgery (CSRF) vulnerability in blubrry PowerPress Podcasting powerpress...
Moderate, Unreviewed
CVE-2025-64201 was published Oct 29, 2025

Cross-Site Request Forgery (CSRF) vulnerability in colabrio Stockie Extra stockie-extra allows...
Moderate, Unreviewed
CVE-2025-64226 was published Oct 29, 2025

Cross-Site Request Forgery (CSRF) vulnerability in highwarden Super Store Finder superstorefinder...
Moderate, Unreviewed
CVE-2025-58939 was published Oct 29, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box allows Cross Site Request...
Moderate, Unreviewed
CVE-2025-57931 was published Oct 29, 2025

Multiple CSRF attack vectors in JDownloads component 1.0.0-4.0.47 for Joomla were discovered.
Moderate, Unreviewed
CVE-2025-55758 was published Oct 28, 2025

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does...
Moderate, Unreviewed
CVE-2025-54969 was published Oct 27, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Waituk Entrada theme allows Cross Site Request...
Moderate, Unreviewed
CVE-2025-58918 was published Oct 27, 2025

Cross-Site Request Forgery (CSRF) vulnerability in raychat Raychat raychat allows Cross Site...
Moderate, Unreviewed
CVE-2025-62975 was published Oct 27, 2025

A security flaw has been discovered in ajayrandhawa User-Management-PHP-MYSQL web up to...
Moderate, Unreviewed
CVE-2025-12202 was published Oct 27, 2025

The FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant...
Moderate, Unreviewed
CVE-2025-11976 was published Oct 25, 2025

The Disable Content Editor For Specific Template plugin for WordPress is vulnerable to Cross-Site...
Moderate, Unreviewed
CVE-2025-12072 was published Oct 24, 2025

ProTip! Advisories are also available from the GraphQL API