GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,912
Composer 5,067
Erlang 39
GitHub Actions 38
Go 2,717
Maven 6,143
npm 4,328
NuGet 761
pip 4,105
Pub 12
RubyGems 958
Rust 1,065
Swift 45

Unreviewed advisories

All unreviewed 278,969

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

8,265 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The... Moderate Unreviewed

CVE-2025-14117 was published Dec 6, 2025

The WP Landing Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2025-13629 was published Dec 6, 2025

The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery... High Unreviewed

CVE-2025-12879 was published Dec 5, 2025

The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version... Moderate Unreviewed

CVE-2025-13684 was published Dec 5, 2025

The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for... Moderate Unreviewed

CVE-2025-12130 was published Dec 5, 2025

The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress... Moderate Unreviewed

CVE-2025-12373 was published Dec 5, 2025

The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2025-13621 was published Dec 5, 2025

The Time Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed

CVE-2025-10055 was published Dec 5, 2025

The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2025-13144 was published Dec 5, 2025

The Norby AI plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... Moderate Unreviewed

CVE-2025-13362 was published Dec 5, 2025

The Quantic Social Image Hover plugin for WordPress is vulnerable to Cross-Site Request Forgery... Moderate Unreviewed

CVE-2025-13360 was published Dec 5, 2025

The Hide Categories Or Products On Shop Page plugin for WordPress is vulnerable to Cross-Site... Moderate Unreviewed

CVE-2025-12128 was published Dec 5, 2025

The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai... Moderate Unreviewed

CVE-2025-12189 was published Dec 5, 2025

The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed

CVE-2025-12190 was published Dec 5, 2025

The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2025-11759 was published Dec 5, 2025

Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation... Critical Unreviewed

CVE-2024-45538 was published Dec 4, 2025

The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross... Moderate Unreviewed

CVE-2025-12358 was published Dec 3, 2025

Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7... Low Unreviewed

CVE-2025-13871 was published Dec 2, 2025

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site... Moderate Unreviewed

CVE-2025-13140 was published Dec 2, 2025

The Photo Gallery by Ays plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2025-13685 was published Dec 2, 2025

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2025-13606 was published Dec 2, 2025

PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the... High Unreviewed

CVE-2025-65840 was published Dec 1, 2025

A cross-site request forgery (csrf) vulnerability exists in the WEBVIEW-M functionality of... High Unreviewed

CVE-2024-53684 was published Dec 1, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Tekrom Technology Inc. T-Soft E-Commerce... Moderate Unreviewed

CVE-2025-13296 was published Dec 1, 2025

A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This... Moderate Unreviewed

CVE-2025-13790 was published Nov 30, 2025

Previous1…331 Next

Previous 1 2 3 4 5 … 330 331 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

8,265 advisories