GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,556 advisories
Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2...
Moderate · Unreviewed · CVE-2017-0045 was published May 17, 2022
Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools)...
Moderate · Unreviewed · CVE-2010-1547 was published May 17, 2022
The RB Internal Links WordPress plugin through 2.0.16 does not have CSRF check in place when...
Moderate · Unreviewed · CVE-2022-1759 was published Jun 14, 2022
The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker...
Moderate · Unreviewed · CVE-2022-1421 was published Jun 9, 2022
The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action...
Moderate · Unreviewed · CVE-2022-1422 was published Jun 9, 2022
Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x-0.1, a module for Drupal,...
Moderate · Unreviewed · CVE-2008-7151 was published May 17, 2022
The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on...
Moderate · Unreviewed · CVE-2022-1695 was published Jun 9, 2022
Cross-site request forgery (CSRF) vulnerability in Vivvo CMS before 4.0.4 allows remote attackers...
Moderate · Unreviewed · CVE-2008-6801 was published May 17, 2022
Multiple cross-site request forgery (CSRF) vulnerabilities in Comment Mail 5.x before 5.x-1.1, a...
Moderate · Unreviewed · CVE-2008-6384 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in the Localization client 5.x before 5.x-1.1 and...
Moderate · Unreviewed · CVE-2008-6169 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in admin.php in AjaXplorer 2.3.3 and 2.3.4 allows...
Moderate · Unreviewed · CVE-2008-6639 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in multiple Century Systems routers including XR...
Moderate · Unreviewed · CVE-2008-6449 was published May 17, 2022
The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its...
Moderate · Unreviewed · CVE-2021-24586 was published May 24, 2022
The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSRF check when saving its...
Moderate · Unreviewed · CVE-2021-24595 was published May 24, 2022
The Scroll Baner WordPress plugin through 1.0 does not have CSRF check in place when saving its...
Moderate · Unreviewed · CVE-2021-24642 was published May 24, 2022
The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonce checks when saving its...
Moderate · Unreviewed · CVE-2021-24685 was published May 24, 2022
The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly...
Moderate · Unreviewed · CVE-2021-24504 was published May 24, 2022
In the VikRentCar Car Rental Management System WordPress plugin before 1.1.7, there is a custom...
Moderate · Unreviewed · CVE-2021-24388 was published May 24, 2022
The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF check in place when...
Moderate · Unreviewed · CVE-2022-1612 was published Jun 14, 2022
The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when...
Moderate · Unreviewed · CVE-2022-1594 was published Jun 14, 2022
The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the...
Moderate · Unreviewed · CVE-2022-1793 was published Jun 14, 2022
The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF check in place when...
Moderate · Unreviewed · CVE-2022-1792 was published Jun 14, 2022
Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is...
Moderate · Unreviewed · CVE-2022-1788 was published Jun 14, 2022
Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross Site Request Forgery (CSRF)...
Moderate · Unreviewed · CVE-2022-30931 was published Jun 15, 2022
The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor...
Moderate · Unreviewed · CVE-2021-24615 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.