GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
6,120 advisories
iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) attacks as demonstrated by...
Moderate | Unreviewed | CVE-2020-29292 was published Dec 31, 2021

Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most...
High | Unreviewed | CVE-2021-20165 was published Dec 31, 2021

A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers...
High | Unreviewed | CVE-2020-21236 was published Dec 29, 2021

The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before...
Moderate | Unreviewed | CVE-2021-24988 was published Dec 28, 2021

A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7...
Moderate | Unreviewed | CVE-2020-20943 was published Dec 28, 2021

A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft...
High | Unreviewed | CVE-2020-20945 was published Dec 28, 2021

A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a...
Moderate | Unreviewed | CVE-2020-20595 was published Dec 24, 2021

A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to...
High | Unreviewed | CVE-2020-20593 was published Dec 24, 2021

In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a...
Moderate | Unreviewed | CVE-2021-43158 was published Dec 23, 2021

In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a...
Moderate | Unreviewed | CVE-2021-43156 was published Dec 23, 2021

Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon –...
High | Unreviewed | CVE-2021-36886 was published Dec 23, 2021

The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to...
High | Unreviewed | CVE-2021-24981 was published Dec 22, 2021

Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered...
High | Unreviewed | CVE-2021-36887 was published Dec 21, 2021

Cross Site Request Forgery (CSRF) vulnerability exists in Catfish <=6.1.* when you upload an html...
High | Unreviewed | CVE-2021-45017 was published Dec 17, 2021

Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user...
Moderate | Unreviewed | CVE-2021-26800 was published Dec 17, 2021

glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ...
Moderate | Unreviewed | CVE-2021-44948 was published Dec 15, 2021

glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ...
Moderate | Unreviewed | CVE-2021-44942 was published Dec 15, 2021

The NEX-Forms WordPress plugin through 7.9.4 does not escape some of its settings and form fields...
Moderate | Unreviewed | CVE-2021-24705 was published Dec 14, 2021

The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its...
Moderate | Unreviewed | CVE-2021-24780 was published Dec 14, 2021

The WP Admin Logo Changer WordPress plugin through 1.0 does not have CSRF check when saving its...
Moderate | Unreviewed | CVE-2021-24784 was published Dec 14, 2021

The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation...
Moderate | Unreviewed | CVE-2021-24790 was published Dec 14, 2021

The Filter Portfolio Gallery WordPress plugin through 1.5 is lacking Cross-Site Request Forgery ...
Moderate | Unreviewed | CVE-2021-24795 was published Dec 14, 2021

The WP Limits WordPress plugin through 1.0 does not have CSRF check when saving its settings,...
Moderate | Unreviewed | CVE-2021-24818 was published Dec 14, 2021

The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation...
Moderate | Unreviewed | CVE-2021-24836 was published Dec 14, 2021

The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings,...
Critical | Unreviewed | CVE-2021-24922 was published Dec 14, 2021

ProTip! Advisories are also available from the GraphQL API.