GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
3,015 advisories
Filter by severity
The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the...
Moderate
Unreviewed
CVE-2021-24703
was published
Nov 24, 2021
The URL Shortify WordPress plugin before 1.5.1 does not have CSRF check in place when bulk...
Moderate
Unreviewed
CVE-2021-24749
was published
Nov 30, 2021
The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and...
Moderate
Unreviewed
CVE-2021-24822
was published
Nov 30, 2021
The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation...
Moderate
Unreviewed
CVE-2021-24836
was published
Dec 14, 2021
The WP Limits WordPress plugin through 1.0 does not have CSRF check when saving its settings,...
Moderate
Unreviewed
CVE-2021-24818
was published
Dec 14, 2021
The Filter Portfolio Gallery WordPress plugin through 1.5 is lacking Cross-Site Request Forgery ...
Moderate
Unreviewed
CVE-2021-24795
was published
Dec 14, 2021
The WP Admin Logo Changer WordPress plugin through 1.0 does not have CSRF check when saving its...
Moderate
Unreviewed
CVE-2021-24784
was published
Dec 14, 2021
The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation...
Moderate
Unreviewed
CVE-2021-24790
was published
Dec 14, 2021
The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its...
Moderate
Unreviewed
CVE-2021-24780
was published
Dec 14, 2021
The NEX-Forms WordPress plugin through 7.9.4 does not escape some of its settings and form fields...
Moderate
Unreviewed
CVE-2021-24705
was published
Dec 14, 2021
glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ...
Moderate
Unreviewed
CVE-2021-44942
was published
Dec 15, 2021
glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ...
Moderate
Unreviewed
CVE-2021-44948
was published
Dec 15, 2021
Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user...
Moderate
Unreviewed
CVE-2021-26800
was published
Dec 17, 2021
In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a...
Moderate
Unreviewed
CVE-2021-43158
was published
Dec 23, 2021
In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a...
Moderate
Unreviewed
CVE-2021-43156
was published
Dec 23, 2021
A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a...
Moderate
Unreviewed
CVE-2020-20595
was published
Dec 24, 2021
A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7...
Moderate
Unreviewed
CVE-2020-20943
was published
Dec 28, 2021
The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before...
Moderate
Unreviewed
CVE-2021-24988
was published
Dec 28, 2021
iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) attacks as demonstrated by...
Moderate
Unreviewed
CVE-2020-29292
was published
Dec 31, 2021
A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0...
Moderate
Unreviewed
CVE-2021-46080
was published
Jan 7, 2022
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF...
Moderate
Unreviewed
CVE-2021-25025
was published
Jan 18, 2022
Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries...
Moderate
Unreviewed
CVE-2021-44777
was published
Jan 20, 2022
In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The...
Moderate
Unreviewed
CVE-2021-46028
was published
Jan 21, 2022
mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The...
Moderate
Unreviewed
CVE-2021-46027
was published
Jan 21, 2022
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the...
Moderate
Unreviewed
CVE-2021-25013
was published
Jan 25, 2022
ProTip!
Advisories are also available from the
GraphQL API