GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
57 advisories
Filter by severity
Power BI Report Server Spoofing Vulnerability
Critical
Unreviewed
CVE-2021-41372
was published
May 24, 2022
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh...
Critical
Unreviewed
CVE-2023-51545
was published
Dec 29, 2023
XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass
Critical
CVE-2023-50722
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Dec 16, 2023
Run Shell Command allows Cross-Site Request Forgery
Critical
CVE-2023-48292
was published
for
org.xwiki.contrib:xwiki-application-admintools
(Maven)
Nov 20, 2023
XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token
Critical
CVE-2023-46242
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Nov 7, 2023
org.xwiki.platform:xwiki-platform-logging-ui Eval Injection vulnerability
Critical
CVE-2023-29213
was published
for
org.xwiki.platform:xwiki-platform-logging-ui
(Maven)
Apr 12, 2023
XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API
Critical
CVE-2023-37277
was published
for
com.xpn.xwiki.platform:xwiki-core-rest-server
(Maven)
Jul 10, 2023
phpMyAdmin CSRF Vulnerability
Critical
CVE-2016-9866
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when...
Critical
Unreviewed
CVE-2022-1574
was published
Jun 28, 2022
Tailscale Windows daemon is vulnerable to RCE via CSRF
Critical
CVE-2022-41924
was published
for
tailscale.com
(Go)
Nov 21, 2022
Authentication Bypass by CSRF Weakness
Critical
GHSA-6mqr-q86q-6gwr
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-8xfw-5q82-3652
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-gpqc-4pp7-5954
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
CVE-2021-41274
was published
for
solidus_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
CVE-2021-41275
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
The Post Snippets WordPress plugin before 3.1.4 does not have CSRF check when importing files,...
Critical
Unreviewed
CVE-2021-25010
was published
Mar 1, 2022
BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full...
Critical
Unreviewed
CVE-2021-31589
was published
Feb 8, 2022
XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery
Critical
CVE-2023-22457
was published
for
org.xwiki.contrib:application-ckeditor-ui
(Maven)
Jan 6, 2023
An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin...
Critical
Unreviewed
CVE-2018-18934
was published
May 14, 2022
Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin...
Critical
Unreviewed
CVE-2018-20577
was published
May 14, 2022
CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The...
Critical
Unreviewed
CVE-2017-5959
was published
May 13, 2022
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1,...
Critical
Unreviewed
CVE-2017-6080
was published
May 13, 2022
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro...
Critical
Unreviewed
CVE-2021-25032
was published
Jan 11, 2022
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing...
Critical
Unreviewed
CVE-2017-16780
was published
May 13, 2022
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request...
Critical
Unreviewed
CVE-2018-1712
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API