GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,750
Maven: 5,000+
npm: 4,353
NuGet: 765
pip: 4,114
Pub: 12
RubyGems: 960
Rust: 1,069
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
8,332 advisories
The Image Slider by Ays- Responsive Slider and Carousel plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-14454 was published Dec 13, 2025

The Popover Windows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions...
Moderate | Unreviewed | CVE-2025-14394 was published Dec 13, 2025

The Lucky Draw Contests plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-14462 was published Dec 13, 2025

OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of...
High | Unreviewed | CVE-2025-13970 was published Dec 13, 2025

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-14159 was published Dec 12, 2025

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-12407 was published Dec 12, 2025

Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0,...
Moderate | Unreviewed | CVE-2025-58576 was published Dec 12, 2025

The Truefy Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate | Unreviewed | CVE-2025-14161 was published Dec 12, 2025

The Upcoming for Calendly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-14160 was published Dec 12, 2025

The BMLT WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-14162 was published Dec 12, 2025

The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2025-14354 was published Dec 12, 2025

The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate | Unreviewed | CVE-2025-14391 was published Dec 12, 2025

The Coding Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-14158 was published Dec 12, 2025

The Kirim.Email WooCommerce Integration plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2025-14165 was published Dec 12, 2025

The Purchase and Expense Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery...
Moderate | Unreviewed | CVE-2025-13987 was published Dec 12, 2025

The Animated Pixel Marquee Creator plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2025-14062 was published Dec 12, 2025

The IMAQ Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up...
Moderate | Unreviewed | CVE-2025-13363 was published Dec 12, 2025

The Rabbit Hole plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate | Unreviewed | CVE-2025-13366 was published Dec 12, 2025

The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for...
Moderate | Unreviewed | CVE-2025-13408 was published Dec 12, 2025

SpinetiX Fusion Digital Signage 3.4.8 contains a cross-site request forgery vulnerability that...
Moderate | Unreviewed | CVE-2020-36886 was published Dec 10, 2025

UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request forgery vulnerability that...
High | Unreviewed | CVE-2020-36901 was published Dec 10, 2025

All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability...
High | Unreviewed | CVE-2020-36900 was published Dec 10, 2025

1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality
Moderate | CVE-2025-34430 was published for github.com/1Panel-dev/1Panel (Go) Dec 10, 2025

1Panel contains a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality
High | CVE-2025-34429 was published for github.com/1Panel-dev/1Panel (Go) Dec 10, 2025

Jenkins has a CSRF vulnerability on the login form
Low | CVE-2025-67639 was published for org.jenkins-ci.main:jenkins-core (Maven) Dec 10, 2025