GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,239
Erlang: 31
GitHub Actions: 21
Go: 2,007
Maven: 5,000+
npm: 3,716
NuGet: 662
pip: 3,388
Pub: 11
RubyGems: 885
Rust: 851
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
3,365 advisories
The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when...
Moderate. Unreviewed. CVE-2021-24328 was published May 24, 2022.

This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading...
Moderate. Unreviewed. CVE-2021-24349 was published May 24, 2022.

The Content Copy Protection & Prevent Image Save WordPress plugin through 1.3 does not check for...
Moderate. Unreviewed. CVE-2021-24333 was published May 24, 2022.

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19...
Moderate. Unreviewed. CVE-2022-22361 was published Jun 1, 2022.

Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an...
Moderate. Unreviewed. CVE-2022-45130 was published Nov 10, 2022.

Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 allows remote attackers to...
Moderate. Unreviewed. CVE-2010-1611 was published May 17, 2022.

Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows...
Moderate. Unreviewed. CVE-2008-6832 was published May 17, 2022.

Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and possibly earlier, allows...
Moderate. Unreviewed. CVE-2010-2345 was published May 17, 2022.

A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote...
Moderate. Unreviewed. CVE-2022-30898 was published Jun 10, 2022.

The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions,...
Moderate. Unreviewed. CVE-2022-1424 was published Jun 9, 2022.

The LiveSync for WordPress plugin through 1.0 does not have CSRF check in place when updating its...
Moderate. Unreviewed. CVE-2022-1712 was published Jun 9, 2022.

Cross-site request forgery (CSRF) vulnerability in OpenEdit Digital Asset Management (DAM) before...
Moderate. Unreviewed. CVE-2008-6239 was published May 17, 2022.

Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara before 1.0.15, 1.1.x before...
Moderate. Unreviewed. CVE-2010-1668 was published May 17, 2022.

Multiple cross-site request forgery (CSRF) vulnerabilities in Streber before 0.08093 allow remote...
Moderate. Unreviewed. CVE-2008-6331 was published May 17, 2022.

Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a and earlier allows remote...
Moderate. Unreviewed. CVE-2008-7204 was published May 17, 2022.

tnftpd before 20080929 splits large command strings into multiple commands, which allows remote...
Moderate. Unreviewed. CVE-2008-7016 was published May 17, 2022.

Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x...
Moderate. Unreviewed. CVE-2008-6532 was published May 17, 2022.

The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting...
Moderate. Unreviewed. CVE-2021-24434 was published May 24, 2022.

The Language Bar Flags WordPress plugin through 1.0.8 does not have any CSRF in place when saving...
Moderate. Unreviewed. CVE-2021-24431 was published May 24, 2022.

The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image...
Moderate. Unreviewed. CVE-2021-24618 was published May 24, 2022.

The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access...
Moderate. Unreviewed. CVE-2021-24584 was published May 24, 2022.

Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2...
Moderate. Unreviewed. CVE-2021-36890 was published Jun 3, 2022.

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when...
Moderate. Unreviewed. CVE-2021-24683 was published May 24, 2022.

The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when...
Moderate. Unreviewed. CVE-2021-24543 was published May 24, 2022.

The Accept Donations with PayPal WordPress plugin before 1.3.1 offers a function to create...
Moderate. Unreviewed. CVE-2021-24570 was published May 24, 2022.
ProTip! Advisories are also available from the GraphQL API.