GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
44 advisories
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving...
Critical
Unreviewed
CVE-2015-20105
was published
Dec 3, 2021
The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings,...
Critical
Unreviewed
CVE-2021-24922
was published
Dec 14, 2021
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro...
Critical
Unreviewed
CVE-2021-25032
was published
Jan 11, 2022
BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full...
Critical
Unreviewed
CVE-2021-31589
was published
Feb 8, 2022
The Post Snippets WordPress plugin before 3.1.4 does not have CSRF check when importing files,...
Critical
Unreviewed
CVE-2021-25010
was published
Mar 1, 2022
The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have...
Critical
Unreviewed
CVE-2022-1020
was published
Apr 19, 2022
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request...
Critical
Unreviewed
CVE-2018-1712
was published
May 13, 2022
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing...
Critical
Unreviewed
CVE-2017-16780
was published
May 13, 2022
CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The...
Critical
Unreviewed
CVE-2017-5959
was published
May 13, 2022
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1,...
Critical
Unreviewed
CVE-2017-6080
was published
May 13, 2022
Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin...
Critical
Unreviewed
CVE-2018-20577
was published
May 14, 2022
An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin...
Critical
Unreviewed
CVE-2018-18934
was published
May 14, 2022
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV...
Critical
Unreviewed
CVE-2017-5145
was published
May 17, 2022
Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as...
Critical
Unreviewed
CVE-2019-14551
was published
May 24, 2022
The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags...
Critical
Unreviewed
CVE-2021-24884
was published
May 24, 2022
Power BI Report Server Spoofing Vulnerability
Critical
Unreviewed
CVE-2021-41372
was published
May 24, 2022
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when...
Critical
Unreviewed
CVE-2022-1574
was published
Jun 28, 2022
The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitise and escape a parameter...
Critical
Unreviewed
CVE-2023-2601
was published
Jun 27, 2023
Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurants Quick Restaurant...
Critical
Unreviewed
CVE-2022-44739
was published
Jul 6, 2023
The Rockwell Automation Enhanced HIM software contains an API that the application uses that is...
Critical
Unreviewed
CVE-2023-2746
was published
Jul 11, 2023
Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform...
Critical
Unreviewed
CVE-2023-4659
was published
Oct 2, 2023
Cross Site Scripting vulnerability in Ruckus Wireless (CommScope) Ruckus CloudPath v.5.12.54414...
Critical
Unreviewed
CVE-2023-45992
was published
Oct 19, 2023
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh...
Critical
Unreviewed
CVE-2023-51545
was published
Dec 29, 2023
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute...
Critical
Unreviewed
CVE-2023-52200
was published
Jan 8, 2024
A cross-site request forgery (CSRF) vulnerability in all versions of the api and web server...
Critical
Unreviewed
CVE-2024-24593
was published
Feb 6, 2024