GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
6,370 advisories
Filter by severity
A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and...
Moderate
Unreviewed
CVE-2024-12955
was published
Dec 26, 2024
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages...
Moderate
Unreviewed
CVE-2024-12636
was published
Dec 25, 2024
REDCap through 15.0.0 has a security flaw in the Notes section of calendar events, exposing users...
High
Unreviewed
CVE-2024-56311
was published
Dec 22, 2024
REDCap through 15.0.0 has a security flaw in the Project Dashboards name, exposing users to a...
High
Unreviewed
CVE-2024-56310
was published
Dec 22, 2024
The Reactflow Visitor Recording and Heatmaps plugin for WordPress is vulnerable to Cross-Site...
Moderate
Unreviewed
CVE-2024-11975
was published
Dec 21, 2024
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross...
High
Unreviewed
CVE-2024-12771
was published
Dec 21, 2024
Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0 allows...
High
Unreviewed
CVE-2024-37758
was published
Dec 20, 2024
The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate
Unreviewed
CVE-2024-11812
was published
Dec 20, 2024
A privacy issue was addressed with improved private data redaction for log entries. This issue is...
Moderate
Unreviewed
CVE-2024-44293
was published
Dec 20, 2024
GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin...
High
Unreviewed
CVE-2024-55088
was published
Dec 18, 2024
Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data...
Unknown
Unreviewed
CVE-2024-55089
was published
Dec 18, 2024
Atro CSRF Middleware Bypass (security.checkOrigin)
Moderate
CVE-2024-56140
was published
for
astro
(npm)
Dec 18, 2024
The Peter’s Custom Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate
Unreviewed
CVE-2024-12554
was published
Dec 18, 2024
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site...
Moderate
Unreviewed
CVE-2024-12454
was published
Dec 18, 2024
The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate
Unreviewed
CVE-2024-12219
was published
Dec 17, 2024
The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate
Unreviewed
CVE-2024-12220
was published
Dec 17, 2024
The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
High
Unreviewed
CVE-2024-12293
was published
Dec 17, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Tom Royal Stop Registration Spam allows Stored...
High
Unreviewed
CVE-2024-56017
was published
Dec 17, 2024
A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers...
High
Unreviewed
CVE-2024-37774
was published
Dec 17, 2024
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada.This issue affects Avada:...
Moderate
Unreviewed
CVE-2024-54357
was published
Dec 16, 2024
Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Add image to Post allows Stored XSS...
High
Unreviewed
CVE-2024-54428
was published
Dec 16, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Aleksander Novikov Metrika allows Cross Site...
High
Unreviewed
CVE-2024-54420
was published
Dec 16, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Alok Tiwari Amazon Product Price allows Stored...
High
Unreviewed
CVE-2024-54439
was published
Dec 16, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Phoetry phZoom allows Stored XSS.This issue...
High
Unreviewed
CVE-2024-54434
was published
Dec 16, 2024
Cross-Site Request Forgery (CSRF) vulnerability in blueskyy WP-Ban-User allows Stored XSS.This...
High
Unreviewed
CVE-2024-54440
was published
Dec 16, 2024
ProTip!
Advisories are also available from the
GraphQL API