GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,056
Erlang: 29
GitHub Actions: 19
Go: 1,889
Maven: 5,000+
npm: 3,618
NuGet: 638
pip: 3,231
Pub: 10
RubyGems: 854
Rust: 817
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
5,973 advisories
The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when...
Moderate | Unreviewed | CVE-2022-1828 was published Jun 21, 2022

EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a...
High | Unreviewed | CVE-2017-4998 was published May 17, 2022

The WPlite WordPress plugin through 1.3.1 does not have CSRF check in place when updating its...
Moderate | Unreviewed | CVE-2022-1831 was published Jun 21, 2022

The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when...
Moderate | Unreviewed | CVE-2022-1830 was published Jun 21, 2022

The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its...
Moderate | Unreviewed | CVE-2021-24839 was published Feb 8, 2022

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at...
Moderate | Unreviewed | CVE-2021-36915 was published Oct 12, 2022

Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated...
High | Unreviewed | CVE-2016-7507 was published May 17, 2022

Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8...
High | Unreviewed | CVE-2017-9930 was published May 17, 2022

Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier...
Moderate | Unreviewed | CVE-2022-27174 was published Jun 14, 2022

The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its...
Moderate | Unreviewed | CVE-2022-1787 was published Jun 14, 2022

The New User Email Set Up WordPress plugin through 0.5.2 does not have CSRF check in place when...
Moderate | Unreviewed | CVE-2022-1790 was published Jun 14, 2022

An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated...
Moderate | Unreviewed | CVE-2022-31294 was published Jun 17, 2022

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Slider by NextCode plugin <=...
High | Unreviewed | CVE-2022-29437 was published Jun 16, 2022

The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions,...
Moderate | Unreviewed | CVE-2022-1845 was published Jun 28, 2022

The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its...
Moderate | Unreviewed | CVE-2022-1844 was published Jun 28, 2022

The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating...
Moderate | Unreviewed | CVE-2022-1914 was published Jun 28, 2022

Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing...
High | Unreviewed | CVE-2017-1000008 was published May 17, 2022

Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1...
High | Unreviewed | CVE-2017-9413 was published May 17, 2022

The Mail Subscribe List WordPress plugin before 2.1.4 does not have CSRF check in place when...
Moderate | Unreviewed | CVE-2022-1603 was published Jun 21, 2022

The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with...
Moderate | Unreviewed | CVE-2022-1630 was published Jun 21, 2022

Cross-Site Request Forgery in Elefant CMS
High | CVE-2017-20062 was published for elefant/cms (Composer) Jun 21, 2022

A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This...
Moderate | Unreviewed | CVE-2017-20065 was published Jun 21, 2022

Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before...
High | Unreviewed | CVE-2016-7123 was published May 17, 2022

Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through...
High | Unreviewed | CVE-2016-6417 was published May 17, 2022

Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible...
High | Unreviewed | CVE-2017-11193 was published May 17, 2022

ProTip! Advisories are also available from the GraphQL API