Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

5,973 advisories

Loading
The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when... Moderate Unreviewed
CVE-2022-1828 was published Jun 21, 2022
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a... High Unreviewed
CVE-2017-4998 was published May 17, 2022
The WPlite WordPress plugin through 1.3.1 does not have CSRF check in place when updating its... Moderate Unreviewed
CVE-2022-1831 was published Jun 21, 2022
The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when... Moderate Unreviewed
CVE-2022-1830 was published Jun 21, 2022
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CRSF checks in its... Moderate Unreviewed
CVE-2021-24839 was published Feb 8, 2022
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at... Moderate Unreviewed
CVE-2021-36915 was published Oct 12, 2022
Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated... High Unreviewed
CVE-2016-7507 was published May 17, 2022
Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8... High Unreviewed
CVE-2017-9930 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier... Moderate Unreviewed
CVE-2022-27174 was published Jun 14, 2022
The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its... Moderate Unreviewed
CVE-2022-1787 was published Jun 14, 2022
The New User Email Set Up WordPress plugin through 0.5.2 does not have CSRF check in place when... Moderate Unreviewed
CVE-2022-1790 was published Jun 14, 2022
An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated... Moderate Unreviewed
CVE-2022-31294 was published Jun 17, 2022
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Slider by NextCode plugin <=... High Unreviewed
CVE-2022-29437 was published Jun 16, 2022
The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions,... Moderate Unreviewed
CVE-2022-1845 was published Jun 28, 2022
The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its... Moderate Unreviewed
CVE-2022-1844 was published Jun 28, 2022
The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating... Moderate Unreviewed
CVE-2022-1914 was published Jun 28, 2022
Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing... High Unreviewed
CVE-2017-1000008 was published May 17, 2022
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1... High Unreviewed
CVE-2017-9413 was published May 17, 2022
The Mail Subscribe List WordPress plugin before 2.1.4 does not have CSRF check in place when... Moderate Unreviewed
CVE-2022-1603 was published Jun 21, 2022
The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with... Moderate Unreviewed
CVE-2022-1630 was published Jun 21, 2022
Cross-Site Request Forgery in Elefant CMS High
CVE-2017-20062 was published for elefant/cms (Composer) Jun 21, 2022
A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This... Moderate Unreviewed
CVE-2017-20065 was published Jun 21, 2022
Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before... High Unreviewed
CVE-2016-7123 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through... High Unreviewed
CVE-2016-6417 was published May 17, 2022
Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible... High Unreviewed
CVE-2017-11193 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API