GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
7,977 advisories
The WP Survey Plus WordPress plugin through 1.0 does not have any authorisation and CSRF checks...
Moderate | Unreviewed | CVE-2021-24801 was published May 24, 2022

The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor...
Moderate | Unreviewed | CVE-2021-24615 was published May 24, 2022

The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving...
High | Unreviewed | CVE-2021-24487 was published May 24, 2022

The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF...
High | Unreviewed | CVE-2021-24639 was published May 24, 2022

Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross Site Request Forgery (CSRF)...
Moderate | Unreviewed | CVE-2022-30931 was published Jun 15, 2022

The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when...
Moderate | Unreviewed | CVE-2022-1594 was published Jun 14, 2022

Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is...
Moderate | Unreviewed | CVE-2022-1788 was published Jun 14, 2022

The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the...
Moderate | Unreviewed | CVE-2022-1793 was published Jun 14, 2022

The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF check in place when...
Moderate | Unreviewed | CVE-2022-1792 was published Jun 14, 2022

IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable...
High | Unreviewed | CVE-2016-9714 was published May 17, 2022

A vulnerability classified as problematic has been found in OpenACS bug-tracker. Affected is an...
High | Unreviewed | CVE-2016-15009 was published Jan 5, 2023

services/system_io/actionprocessor/System.rails in ConnectWise Manage 2017.5 is vulnerable to...
High | Unreviewed | CVE-2017-11726 was published May 17, 2022

Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x...
High | Unreviewed | CVE-2016-6893 was published May 17, 2022

The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place...
High | Unreviewed | CVE-2022-1758 was published Jun 14, 2022

The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF check in place when...
Moderate | Unreviewed | CVE-2022-1612 was published Jun 14, 2022

In the VikRentCar Car Rental Management System WordPress plugin before 1.1.7, there is a custom...
Moderate | Unreviewed | CVE-2021-24388 was published May 24, 2022

The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly...
Moderate | Unreviewed | CVE-2021-24504 was published May 24, 2022

Cross-site request forgery (CSRF) vulnerability in multiple Century Systems routers including XR...
Moderate | Unreviewed | CVE-2008-6449 was published May 17, 2022

The Scroll Baner WordPress plugin through 1.0 does not have CSRF check in place when saving its...
Moderate | Unreviewed | CVE-2021-24642 was published May 24, 2022

The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonce checks when saving its...
Moderate | Unreviewed | CVE-2021-24685 was published May 24, 2022

The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSRF check when saving its...
Moderate | Unreviewed | CVE-2021-24595 was published May 24, 2022

The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its...
Moderate | Unreviewed | CVE-2021-24586 was published May 24, 2022

Cross-site request forgery (CSRF) vulnerability in admin.php in AjaXplorer 2.3.3 and 2.3.4 allows...
Moderate | Unreviewed | CVE-2008-6639 was published May 17, 2022

Cross-site request forgery (CSRF) vulnerability in the Localization client 5.x before 5.x-1.1 and...
Moderate | Unreviewed | CVE-2008-6169 was published May 17, 2022

The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have any CSRF check in place...
High | Unreviewed | CVE-2021-24565 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.