GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,293
Erlang: 31
GitHub Actions: 21
Go: 2,061
Maven: 5,000+
npm: 3,744
NuGet: 668
pip: 3,423
Pub: 12
RubyGems: 892
Rust: 875
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
3,141 advisories
A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a...
Moderate | Unreviewed | CVE-2020-20595 was published Dec 24, 2021
In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a...
Moderate | Unreviewed | CVE-2021-43158 was published Dec 23, 2021
In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a...
Moderate | Unreviewed | CVE-2021-43156 was published Dec 23, 2021
Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user...
Moderate | Unreviewed | CVE-2021-26800 was published Dec 17, 2021
glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ...
Moderate | Unreviewed | CVE-2021-44948 was published Dec 15, 2021
glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ...
Moderate | Unreviewed | CVE-2021-44942 was published Dec 15, 2021
The NEX-Forms WordPress plugin through 7.9.4 does not escape some of its settings and form fields...
Moderate | Unreviewed | CVE-2021-24705 was published Dec 14, 2021
The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its...
Moderate | Unreviewed | CVE-2021-24780 was published Dec 14, 2021
The WP Admin Logo Changer WordPress plugin through 1.0 does not have CSRF check when saving its...
Moderate | Unreviewed | CVE-2021-24784 was published Dec 14, 2021
The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation...
Moderate | Unreviewed | CVE-2021-24790 was published Dec 14, 2021
The Filter Portfolio Gallery WordPress plugin through 1.5 is lacking Cross-Site Request Forgery ...
Moderate | Unreviewed | CVE-2021-24795 was published Dec 14, 2021
The WP Limits WordPress plugin through 1.0 does not have CSRF check when saving its settings,...
Moderate | Unreviewed | CVE-2021-24818 was published Dec 14, 2021
The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation...
Moderate | Unreviewed | CVE-2021-24836 was published Dec 14, 2021
The URL Shortify WordPress plugin before 1.5.1 does not have CSRF check in place when bulk...
Moderate | Unreviewed | CVE-2021-24749 was published Nov 30, 2021
The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and...
Moderate | Unreviewed | CVE-2021-24822 was published Nov 30, 2021
The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the...
Moderate | Unreviewed | CVE-2021-24703 was published Nov 24, 2021
ProTip! Advisories are also available from the GraphQL API.