Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

3,197 advisories

Loading
Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an... Moderate Unreviewed
CVE-2021-45007 was published Feb 21, 2022
A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of Scratch Wiki scratch... Moderate Unreviewed
CVE-2021-46252 was published Feb 17, 2022
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers... Moderate Unreviewed
CVE-2021-43952 was published Feb 16, 2022
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers... Moderate Unreviewed
CVE-2021-43953 was published Feb 16, 2022
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify... Moderate Unreviewed
CVE-2021-43941 was published Feb 16, 2022
Cross-Site Request Forgery in mm_forum Moderate Unreviewed
CVE-2020-15516 was published Feb 15, 2022
The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when... Moderate Unreviewed
CVE-2021-24446 was published Feb 15, 2022
The Entity Embed module provides a filter to allow embedding entities in content fields. In... Moderate Unreviewed
CVE-2020-13673 was published Feb 12, 2022
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) Moderate Unreviewed
CVE-2022-0238 was published Feb 11, 2022
The MAZ Loader WordPress plugin through 1.3.4 does not enforce nonce checks, which allows... Moderate Unreviewed
CVE-2021-24668 was published Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CRSF checks in its... Moderate Unreviewed
CVE-2021-24839 was published Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsc_tickets AJAX... Moderate Unreviewed
CVE-2021-24843 was published Feb 8, 2022
The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF... Moderate Unreviewed
CVE-2021-24993 was published Feb 8, 2022
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and... Moderate Unreviewed
CVE-2021-24947 was published Feb 8, 2022
The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the... Moderate Unreviewed
CVE-2021-25108 was published Feb 8, 2022
The Error Log Viewer WordPress plugin through 1.1.1 does not perform nonce check when deleting a... Moderate Unreviewed
CVE-2021-24761 was published Feb 2, 2022
The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF... Moderate Unreviewed
CVE-2021-25072 was published Feb 2, 2022
The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library... Moderate Unreviewed
CVE-2021-25092 was published Feb 2, 2022
The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in... Moderate Unreviewed
CVE-2021-25097 was published Feb 2, 2022
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers... Moderate Unreviewed
CVE-2022-23887 was published Jan 29, 2022
The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the... Moderate Unreviewed
CVE-2021-24968 was published Jan 25, 2022
The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place... Moderate Unreviewed
CVE-2021-24989 was published Jan 25, 2022
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the... Moderate Unreviewed
CVE-2021-25013 was published Jan 25, 2022
mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The... Moderate Unreviewed
CVE-2021-46027 was published Jan 21, 2022
In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The... Moderate Unreviewed
CVE-2021-46028 was published Jan 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database