Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,360 advisories

Loading
The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when... Moderate Unreviewed
CVE-2021-24446 was published Feb 15, 2022
The Entity Embed module provides a filter to allow embedding entities in content fields. In... Moderate Unreviewed
CVE-2020-13673 was published Feb 12, 2022
Cross-Site Request Forgery in Drupal core Moderate
CVE-2020-13674 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) Moderate Unreviewed
CVE-2022-0238 was published Feb 11, 2022
Cross-Site Request Forgery in CakePHP Moderate
CVE-2020-15400 was published for cakephp/cakephp (Composer) Feb 10, 2022
markstory
Cross-Site Request Forgery Moderate
CVE-2020-7780 was published for com.softwaremill.akka-http-session:core_2.11 (Maven) Feb 9, 2022
Cross-Site Request Forgery in microweber Moderate
CVE-2022-0505 was published for microweber/microweber (Composer) Feb 9, 2022
The MAZ Loader WordPress plugin through 1.3.4 does not enforce nonce checks, which allows... Moderate Unreviewed
CVE-2021-24668 was published Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CRSF checks in its... Moderate Unreviewed
CVE-2021-24839 was published Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsc_tickets AJAX... Moderate Unreviewed
CVE-2021-24843 was published Feb 8, 2022
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and... Moderate Unreviewed
CVE-2021-24947 was published Feb 8, 2022
The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF... Moderate Unreviewed
CVE-2021-24993 was published Feb 8, 2022
The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the... Moderate Unreviewed
CVE-2021-25108 was published Feb 8, 2022
The Error Log Viewer WordPress plugin through 1.1.1 does not perform nonce check when deleting a... Moderate Unreviewed
CVE-2021-24761 was published Feb 2, 2022
The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF... Moderate Unreviewed
CVE-2021-25072 was published Feb 2, 2022
The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library... Moderate Unreviewed
CVE-2021-25092 was published Feb 2, 2022
The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in... Moderate Unreviewed
CVE-2021-25097 was published Feb 2, 2022
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers... Moderate Unreviewed
CVE-2022-23887 was published Jan 29, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat Moderate
CVE-2022-0231 was published for remdex/livehelperchat (Composer) Jan 26, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat Moderate
CVE-2022-0226 was published for remdex/livehelperchat (Composer) Jan 26, 2022
The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the... Moderate Unreviewed
CVE-2021-24968 was published Jan 25, 2022
The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place... Moderate Unreviewed
CVE-2021-24989 was published Jan 25, 2022
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the... Moderate Unreviewed
CVE-2021-25013 was published Jan 25, 2022
Cross-Site Request Forgery in Jenkins Moderate
CVE-2022-20612 was published for org.jenkins-ci.main:jenkins-core (Maven) Jan 21, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat Moderate
CVE-2022-0245 was published for livehelperchat/livehelperchat (Composer) Jan 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database