GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,704
Composer 4,237
Erlang 31
GitHub Actions 20
Go 2,000
Maven 5,183
npm 3,711
NuGet 661
pip 3,383
Pub 11
RubyGems 885
Rust 849
Swift 36

Unreviewed advisories

All unreviewed 235,486

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

3,360 advisories

Filter by severity

Sort by

Least recently updated

The Visual Sound (old) WordPress plugin through 1.06 does not have CSRF check in place when... Moderate Unreviewed

CVE-2024-8047 was published Sep 17, 2024

The infolinks Ad Wrap WordPress plugin through 1.0.2 does not have CSRF check in place when... Moderate Unreviewed

CVE-2024-8044 was published Sep 17, 2024

Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge... Moderate Unreviewed

CVE-2023-7273 was published Oct 1, 2024

A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow... Moderate Unreviewed

CVE-2024-20414 was published Sep 25, 2024

MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability.... Moderate Unreviewed

CVE-2024-45372 was published Sep 26, 2024

A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a... Moderate Unreviewed

CVE-2024-42504 was published Oct 3, 2024

A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user... Moderate Unreviewed

CVE-2023-52060 was published Feb 13, 2024

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction &... Moderate Unreviewed

CVE-2024-8520 was published Oct 4, 2024

Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF)... Moderate Unreviewed

CVE-2024-45987 was published Sep 26, 2024

Cross-Site Request Forgery (CSRF) vulnerability in TinyPNG.This issue affects TinyPNG: from n/a... Moderate Unreviewed

CVE-2024-47635 was published Oct 5, 2024

The adstxt Plugin WordPress plugin through 1.0.0 does not have CSRF check in place when updating... Moderate Unreviewed

CVE-2024-7892 was published Sep 25, 2024

The DN Popup WordPress plugin through 1.2.2 does not have CSRF check in place when updating its... Moderate Unreviewed

CVE-2024-7690 was published Sep 2, 2024

The AZIndex WordPress plugin through 0.8.1 does not have CSRF check in some places, and is... Moderate Unreviewed

CVE-2024-7687 was published Sep 9, 2024

The Snapshot Backup WordPress plugin through 2.1.1 does not have CSRF check in some places, and... Moderate Unreviewed

CVE-2024-7689 was published Sep 9, 2024

furlongm openvpn-monitor allows CSRF to disconnect an arbitrary client Moderate

CVE-2021-31604 was published for openvpn-monitor (pip) May 24, 2022

The lasTunes WordPress plugin through 3.6.1 does not have CSRF check in some places, and is... Moderate Unreviewed

CVE-2023-6499 was published Feb 12, 2024

The Splashscreen WordPress plugin through 0.20 does not have CSRF check in place when updating... Moderate Unreviewed

CVE-2023-6501 was published Feb 12, 2024

The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin... Moderate Unreviewed

CVE-2024-8477 was published Oct 10, 2024

The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library... Moderate Unreviewed

CVE-2021-25092 was published Feb 2, 2022

The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery... Moderate Unreviewed

CVE-2024-9592 was published Oct 12, 2024

The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery... Moderate Unreviewed

CVE-2024-9778 was published Oct 12, 2024

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions... Moderate Unreviewed

CVE-2024-45737 was published Oct 14, 2024

Plone contains Cross-site Request Forgery Moderate

CVE-2012-5500 was published for plone (pip) May 17, 2022

Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site... Moderate Unreviewed

CVE-2024-48278 was published Oct 15, 2024

IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an... Moderate Unreviewed

CVE-2024-49340 was published Oct 16, 2024

Previous 1 2 … 129 130 131 132 133 134 135 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

3,360 advisories