GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,056
Erlang: 29
GitHub Actions: 19
Go: 1,889
Maven: 5,000+
npm: 3,618
NuGet: 638
pip: 3,231
Pub: 10
RubyGems: 854
Rust: 817
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
3,252 advisories
wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2...
Moderate, Unreviewed. CVE-2007-4893 was published May 1, 2022

Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo...
Moderate, Unreviewed. CVE-2007-4822 was published May 1, 2022

Apache Tomcat Example Application CSRF and XSS Vulnerabilities
Moderate. CVE-2007-4724 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022

Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and...
Moderate, Unreviewed. CVE-2007-4544 was published May 1, 2022

Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote...
Moderate, Unreviewed. CVE-2007-4541 was published May 1, 2022

Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which...
Moderate, Unreviewed. CVE-2007-3457 was published May 1, 2022

Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2...
Moderate, Unreviewed. CVE-2007-3416 was published May 1, 2022

Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4...
Moderate, Unreviewed. CVE-2007-2589 was published May 1, 2022

The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the...
Moderate, Unreviewed. CVE-2007-1520 was published May 1, 2022

Unspecified vulnerability in web-app.org Web Automated Perl Portal (WebAPP) 0.9.9.4 to 0.9.9.6...
Moderate, Unreviewed. CVE-2007-1489 was published May 1, 2022

Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and...
Moderate, Unreviewed. CVE-2007-1276 was published May 1, 2022

Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web...
Moderate, Unreviewed. CVE-2007-0044 was published May 1, 2022

Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to...
Moderate, Unreviewed. CVE-2006-6741 was published May 1, 2022

HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in...
Moderate, Unreviewed. CVE-2005-3348 was published May 1, 2022

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2)...
Moderate, Unreviewed. CVE-2005-2059 was published May 1, 2022

Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote...
Moderate, Unreviewed. CVE-2005-1947 was published May 1, 2022

Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5,...
Moderate, Unreviewed. CVE-2002-2426 was published Apr 30, 2022

The FanBoxes extension for MediaWiki through 1.37.2 (before...
Moderate, Unreviewed. CVE-2022-29905 was published Apr 30, 2022

The Private Domains extension for MediaWiki through 1.37.2 (before...
Moderate, Unreviewed. CVE-2022-29903 was published Apr 30, 2022

Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To...
Moderate, Unreviewed. CVE-2022-29414 was published Apr 30, 2022

Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge's Footer...
Moderate, Unreviewed. CVE-2022-27860 was published Apr 29, 2022

Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit...
Moderate, Unreviewed. CVE-2022-29413 was published Apr 29, 2022

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit ????? plugin <= 3.1.6 on...
Moderate, Unreviewed. CVE-2022-29412 was published Apr 29, 2022

The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in...
Moderate, Unreviewed. CVE-2021-24805 was published Apr 26, 2022

The myCred WordPress plugin before 2.4.4 does not have any authorisation and CSRF checks in the...
Moderate, Unreviewed. CVE-2022-0363 was published Apr 26, 2022
ProTip! Advisories are also available from the GraphQL API.