GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
67 advisories
Filter by severity
Authentication Bypass by CSRF Weakness
Critical
GHSA-5629-8855-gf4g
was published
for
solidus_core
(RubyGems)
Nov 18, 2021
The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have...
Critical
Unreviewed
CVE-2022-1020
was published
Apr 19, 2022
Insufficient user input in Apache Jetspeed-2
Critical
CVE-2022-32533
was published
for
org.apache.portals.jetspeed-2:jetspeed-commons
(Maven)
Jul 7, 2022
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV...
Critical
Unreviewed
CVE-2017-5145
was published
May 17, 2022
The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags...
Critical
Unreviewed
CVE-2021-24884
was published
May 24, 2022
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving...
Critical
Unreviewed
CVE-2015-20105
was published
Dec 3, 2021
The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings,...
Critical
Unreviewed
CVE-2021-24922
was published
Dec 14, 2021
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request...
Critical
Unreviewed
CVE-2018-1712
was published
May 13, 2022
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing...
Critical
Unreviewed
CVE-2017-16780
was published
May 13, 2022
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro...
Critical
Unreviewed
CVE-2021-25032
was published
Jan 11, 2022
CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The...
Critical
Unreviewed
CVE-2017-5959
was published
May 13, 2022
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1,...
Critical
Unreviewed
CVE-2017-6080
was published
May 13, 2022
Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin...
Critical
Unreviewed
CVE-2018-20577
was published
May 14, 2022
An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin...
Critical
Unreviewed
CVE-2018-18934
was published
May 14, 2022
XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery
Critical
CVE-2023-22457
was published
for
org.xwiki.contrib:application-ckeditor-ui
(Maven)
Jan 6, 2023
BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full...
Critical
Unreviewed
CVE-2021-31589
was published
Feb 8, 2022
The Post Snippets WordPress plugin before 3.1.4 does not have CSRF check when importing files,...
Critical
Unreviewed
CVE-2021-25010
was published
Mar 1, 2022
Authentication Bypass by CSRF Weakness
Critical
CVE-2021-41275
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
CVE-2021-41274
was published
for
solidus_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-gpqc-4pp7-5954
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-8xfw-5q82-3652
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-6mqr-q86q-6gwr
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Tailscale Windows daemon is vulnerable to RCE via CSRF
Critical
CVE-2022-41924
was published
for
tailscale.com
(Go)
Nov 21, 2022
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when...
Critical
Unreviewed
CVE-2022-1574
was published
Jun 28, 2022
phpMyAdmin CSRF Vulnerability
Critical
CVE-2016-9866
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API