Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,800
Maven
5,000+
npm
4,426
NuGet
773
pip
4,199
Pub
12
RubyGems
968
Rust
1,086
Swift
47
Unreviewed advisories
All unreviewed
5,000+

8,449 advisories

Loading
The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User... Moderate Unreviewed
CVE-2025-14976 was published Jan 10, 2026
GestSup versions up to and including 3.2.56 contain a cross-site request forgery (CSRF)... High Unreviewed
CVE-2026-22194 was published Jan 9, 2026
The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for... Moderate Unreviewed
CVE-2025-13749 was published Jan 9, 2026
Authlib has 1-click Account Takeover vulnerability Moderate
CVE-2025-68158 was published for authlib (pip) Jan 8, 2026
davidbors-snyk
Credited to davidbors-snyk
React Router has CSRF issue in Action/Server Action Request Processing Moderate
CVE-2026-22030 was published for @remix-run/server-runtime (npm) Jan 8, 2026
Oceandust
Credited to Oceandust
Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print... Moderate Unreviewed
CVE-2025-61547 was published Jan 8, 2026
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery... Moderate Unreviewed
CVE-2019-25259 was published Jan 8, 2026
The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery... Moderate Unreviewed
CVE-2025-14904 was published Jan 7, 2026
The NS IE Compatibility Fixer plugin for WordPress is vulnerable to Cross-Site Request Forgery ... Moderate Unreviewed
CVE-2025-14845 was published Jan 7, 2026
The Latest Tabs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed
CVE-2025-14999 was published Jan 7, 2026
The Sticky Action Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-14465 was published Jan 7, 2026
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site... Moderate Unreviewed
CVE-2025-14468 was published Jan 7, 2026
The Mamurjor Employee Info plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2025-13990 was published Jan 7, 2026
The Simcast plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... Moderate Unreviewed
CVE-2025-14077 was published Jan 7, 2026
The HelpDesk contact form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-13657 was published Jan 7, 2026
The WP Status Notifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-13521 was published Jan 7, 2026
The MTCaptcha WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-13520 was published Jan 7, 2026
The xShare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to... Moderate Unreviewed
CVE-2025-13527 was published Jan 7, 2026
The SVG Map Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2025-13519 was published Jan 7, 2026
iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that... Moderate Unreviewed
CVE-2020-36918 was published Jan 6, 2026
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows... Moderate Unreviewed
CVE-2020-36906 was published Jan 6, 2026
SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery... Moderate Unreviewed
CVE-2020-36908 was published Jan 6, 2026
Cross Site Request Forgery vulnerability in Employee Leave Management System v.2.1 allows a... Moderate Unreviewed
CVE-2025-67315 was published Jan 5, 2026
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress Thim Core allows Cross Site Request... Moderate Unreviewed
CVE-2025-53344 was published Jan 5, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager allows Cross Site... Moderate Unreviewed
CVE-2023-52212 was published Jan 5, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database