GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,565 advisories
A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The...
Moderate | Unreviewed | CVE-2025-14117 was published Dec 6, 2025
The WP Landing Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-13629 was published Dec 6, 2025
The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for...
Moderate | Unreviewed | CVE-2025-12130 was published Dec 5, 2025
The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version...
Moderate | Unreviewed | CVE-2025-13684 was published Dec 5, 2025
The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress...
Moderate | Unreviewed | CVE-2025-12373 was published Dec 5, 2025
The Quantic Social Image Hover plugin for WordPress is vulnerable to Cross-Site Request Forgery...
Moderate | Unreviewed | CVE-2025-13360 was published Dec 5, 2025
The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-13621 was published Dec 5, 2025
The Time Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
Moderate | Unreviewed | CVE-2025-10055 was published Dec 5, 2025
The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-13144 was published Dec 5, 2025
The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai...
Moderate | Unreviewed | CVE-2025-12189 was published Dec 5, 2025
The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate | Unreviewed | CVE-2025-12190 was published Dec 5, 2025
The Norby AI plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up...
Moderate | Unreviewed | CVE-2025-13362 was published Dec 5, 2025
The Hide Categories Or Products On Shop Page plugin for WordPress is vulnerable to Cross-Site...
Moderate | Unreviewed | CVE-2025-12128 was published Dec 5, 2025
The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-11759 was published Dec 5, 2025
The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting...
Moderate | Unreviewed | CVE-2025-11154 was published Oct 27, 2025
The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross...
Moderate | Unreviewed | CVE-2025-12358 was published Dec 3, 2025
The Photo Gallery by Ays plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-13685 was published Dec 2, 2025
The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site...
Moderate | Unreviewed | CVE-2025-13140 was published Dec 2, 2025
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-13606 was published Dec 2, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Tekrom Technology Inc. T-Soft E-Commerce...
Moderate | Unreviewed | CVE-2025-13296 was published Dec 1, 2025
A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This...
Moderate | Unreviewed | CVE-2025-13790 was published Nov 30, 2025
Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
Moderate | Unreviewed | CVE-2025-51733 was published Nov 28, 2025
The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request...
Moderate | Unreviewed | CVE-2025-13737 was published Nov 28, 2025
Astro CSRF Middleware Bypass (security.checkOrigin)
Moderate | CVE-2024-56140 was published for astro (npm) Dec 18, 2024
The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Cross...
Moderate | Unreviewed | CVE-2025-13143 was published Nov 27, 2025