Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,050
Erlang
29
GitHub Actions
19
Go
1,876
Maven
5,000+
npm
3,602
NuGet
638
pip
3,198
Pub
10
RubyGems
852
Rust
813
Swift
35
Unreviewed advisories
All unreviewed
5,000+

56 advisories

Cross-site scripting in Swagger-UI Critical
CVE-2019-17495 was published for io.springfox:springfox-swagger-ui (Maven) Oct 15, 2019
mustafanaa
The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Critical Unreviewed
CVE-2024-7568 was published Aug 24, 2024
Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF)... Critical Unreviewed
CVE-2024-42764 was published Aug 23, 2024
An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1... Critical Unreviewed
CVE-2024-34502 was published May 5, 2024
A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory... Critical Unreviewed
CVE-2024-42581 was published Aug 20, 2024
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src... Critical Unreviewed
CVE-2024-29684 was published Mar 26, 2024
Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via... Critical Unreviewed
CVE-2024-41603 was published Jul 19, 2024
An SSRF issue in the PDFMyURL service allows a remote attacker to obtain sensitive information... Critical Unreviewed
CVE-2024-33449 was published Apr 29, 2024
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload in Xserver... Critical Unreviewed
CVE-2024-33913 was published May 2, 2024
Cross-Site Request Forgery (CSRF) vulnerability in 大侠WP DX-Watermark.This issue affects DX... Critical Unreviewed
CVE-2024-30560 was published Apr 25, 2024
XWiki Platform CSRF remote code execution through the realtime HTML Converter API Critical
CVE-2024-31988 was published for org.xwiki.platform:xwiki-platform-realtime-ui (Maven) Apr 10, 2024
XWiki Platform CSRF remote code execution through scheduler job's document reference Critical
CVE-2024-31986 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Apr 10, 2024
Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform... Critical Unreviewed
CVE-2023-4659 was published Oct 2, 2023
The Rockwell Automation Enhanced HIM software contains an API that the application uses that is... Critical Unreviewed
CVE-2023-2746 was published Jul 11, 2023
Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurants Quick Restaurant... Critical Unreviewed
CVE-2022-44739 was published Jul 6, 2023
The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitise and escape a parameter... Critical Unreviewed
CVE-2023-2601 was published Jun 27, 2023
Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as... Critical Unreviewed
CVE-2019-14551 was published May 24, 2022
Cloud Foundry vulnerable to Cross-Site Request Forgery Critical
CVE-2016-6637 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication... Critical Unreviewed
CVE-2024-20254 was published Feb 7, 2024
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication... Critical Unreviewed
CVE-2024-20252 was published Feb 7, 2024
A cross-site request forgery (CSRF) vulnerability in all versions of the api and web server... Critical Unreviewed
CVE-2024-24593 was published Feb 6, 2024
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation Critical
CVE-2024-22416 was published for pyload-ng (pip) Jan 19, 2024
PinkDraconian kaydoda
Cross Site Scripting vulnerability in Ruckus Wireless (CommScope) Ruckus CloudPath v.5.12.54414... Critical Unreviewed
CVE-2023-45992 was published Oct 19, 2023
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute... Critical Unreviewed
CVE-2023-52200 was published Jan 8, 2024
Power BI Report Server Spoofing Vulnerability Critical Unreviewed
CVE-2021-41372 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API