GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
5,288 advisories
Filter by severity
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to...
High
Unreviewed
CVE-2020-20593
was published
Dec 24, 2021
In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a...
Moderate
Unreviewed
CVE-2021-43158
was published
Dec 23, 2021
In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a...
Moderate
Unreviewed
CVE-2021-43156
was published
Dec 23, 2021
Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon –...
High
Unreviewed
CVE-2021-36886
was published
Dec 23, 2021
The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to...
High
Unreviewed
CVE-2021-24981
was published
Dec 22, 2021
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered...
High
Unreviewed
CVE-2021-36887
was published
Dec 21, 2021
Cross Site Request Forgery (CSRF) vulnerability exits in Catfish <=6.1.* when you upload an html...
High
Unreviewed
CVE-2021-45017
was published
Dec 17, 2021
Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user...
Moderate
Unreviewed
CVE-2021-26800
was published
Dec 17, 2021
glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ...
Moderate
Unreviewed
CVE-2021-44948
was published
Dec 15, 2021
glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ...
Moderate
Unreviewed
CVE-2021-44942
was published
Dec 15, 2021
The NEX-Forms WordPress plugin through 7.9.4 does not escape some of its settings and form fields...
Moderate
Unreviewed
CVE-2021-24705
was published
Dec 14, 2021
The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its...
Moderate
Unreviewed
CVE-2021-24780
was published
Dec 14, 2021
The WP Admin Logo Changer WordPress plugin through 1.0 does not have CSRF check when saving its...
Moderate
Unreviewed
CVE-2021-24784
was published
Dec 14, 2021
The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation...
Moderate
Unreviewed
CVE-2021-24790
was published
Dec 14, 2021
The Filter Portfolio Gallery WordPress plugin through 1.5 is lacking Cross-Site Request Forgery ...
Moderate
Unreviewed
CVE-2021-24795
was published
Dec 14, 2021
The WP Limits WordPress plugin through 1.0 does not have CSRF check when saving its settings,...
Moderate
Unreviewed
CVE-2021-24818
was published
Dec 14, 2021
The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation...
Moderate
Unreviewed
CVE-2021-24836
was published
Dec 14, 2021
The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings,...
Critical
Unreviewed
CVE-2021-24922
was published
Dec 14, 2021
The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation...
High
Unreviewed
CVE-2021-24945
was published
Dec 14, 2021
A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user...
High
Unreviewed
CVE-2020-19682
was published
Dec 10, 2021
The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in...
High
Unreviewed
CVE-2021-24914
was published
Dec 7, 2021
Serv-U server responds with valid CSRFToken when the request contains only Session.
High
Unreviewed
CVE-2021-35242
was published
Dec 7, 2021
b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User...
High
Unreviewed
CVE-2021-31631
was published
Dec 7, 2021
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the...
High
Unreviewed
CVE-2021-29756
was published
Dec 4, 2021
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving...
Critical
Unreviewed
CVE-2015-20105
was published
Dec 3, 2021
ProTip!
Advisories are also available from the
GraphQL API