GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
67 advisories
Cross-Site Request Forgery (CSRF) vulnerability in Pearlbells Flash News / Post (Responsive)...
Critical | Unreviewed | CVE-2024-56012 was published Dec 16, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garza, Jr. GitSync allows Code Injection...
Critical | Unreviewed | CVE-2024-54368 was published Dec 16, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify allows Code Injection...
Critical | Unreviewed | CVE-2024-54372 was published Dec 16, 2024
Cross-Site Request Forgery (CSRF) vulnerability in 荒野无灯 Hacklog DownloadManager allows Upload a...
Critical | Unreviewed | CVE-2024-52401 was published Nov 19, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Cliconomics Exclusive Content Password Protect...
Critical | Unreviewed | CVE-2024-52402 was published Nov 19, 2024
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the...
Critical | Unreviewed | CVE-2024-50966 was published Nov 8, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Lukas Huser EKC Tournament Manager allows...
Critical | Unreviewed | CVE-2024-49674 was published Oct 31, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code...
Critical | Unreviewed | CVE-2024-43984 was published Oct 31, 2024
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request...
Critical | Unreviewed | CVE-2022-30357 was published Oct 25, 2024
The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through...
Critical | Unreviewed | CVE-2024-8980 was published Oct 22, 2024
eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an...
Critical | Unreviewed | CVE-2024-44677 was published Sep 10, 2024
The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Critical | Unreviewed | CVE-2024-7568 was published Aug 24, 2024
Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF)...
Critical | Unreviewed | CVE-2024-42764 was published Aug 23, 2024
A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory...
Critical | Unreviewed | CVE-2024-42581 was published Aug 20, 2024
Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via...
Critical | Unreviewed | CVE-2024-41603 was published Jul 19, 2024
An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1...
Critical | Unreviewed | CVE-2024-34502 was published May 5, 2024
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload in Xserver...
Critical | Unreviewed | CVE-2024-33913 was published May 2, 2024
An SSRF issue in the PDFMyURL service allows a remote attacker to obtain sensitive information...
Critical | Unreviewed | CVE-2024-33449 was published Apr 29, 2024
Cross-Site Request Forgery (CSRF) vulnerability in 大侠WP DX-Watermark. This issue affects DX...
Critical | Unreviewed | CVE-2024-30560 was published Apr 25, 2024
XWiki Platform CSRF remote code execution through the realtime HTML Converter API
Critical | CVE-2024-31988 was published for org.xwiki.platform:xwiki-platform-realtime-ui (Maven) Apr 10, 2024
XWiki Platform CSRF remote code execution through scheduler job's document reference
Critical | CVE-2024-31986 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Apr 10, 2024
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src...
Critical | Unreviewed | CVE-2024-29684 was published Mar 26, 2024
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication...
Critical | Unreviewed | CVE-2024-20252 was published Feb 7, 2024
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication...
Critical | Unreviewed | CVE-2024-20254 was published Feb 7, 2024
A cross-site request forgery (CSRF) vulnerability in all versions of the api and web server...
Critical | Unreviewed | CVE-2024-24593 was published Feb 6, 2024