GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,516 advisories
The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to...
High, Unreviewed: CVE-2021-25053 was published Jan 11, 2022

The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows...
High, Unreviewed: CVE-2021-25052 was published Jan 11, 2022

The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to...
High, Unreviewed: CVE-2021-25051 was published Jan 11, 2022

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37...
High, Unreviewed: CVE-2021-46147 was published Jan 11, 2022

In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3...
High, Unreviewed: CVE-2021-34086 was published Jan 11, 2022

Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin
High: CVE-2022-20619 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven), Jan 13, 2022

SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the...
High, Unreviewed: CVE-2021-41597 was published Jan 13, 2022

Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Everywhere (WordPress plugin)...
High, Unreviewed: CVE-2021-23227 was published Jan 14, 2022

Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7...
High, Unreviewed: CVE-2022-0180 was published Jan 18, 2022

The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart...
High, Unreviewed: CVE-2022-0215 was published Jan 19, 2022

An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5,...
High, Unreviewed: CVE-2022-0154 was published Jan 19, 2022

The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing...
High, Unreviewed: CVE-2021-43353 was published Jan 19, 2022

calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)
High: CVE-2021-4164 was published for calibreweb (pip), Jan 21, 2022

The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various actions, for example...
High, Unreviewed: CVE-2021-25073 was published Jan 25, 2022

The WP Extra File Types WordPress plugin before 0.5.1 does not have CSRF check when saving its...
High, Unreviewed: CVE-2021-24936 was published Jan 25, 2022

The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which...
High, Unreviewed: CVE-2021-24696 was published Jan 25, 2022

SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public...
High, Unreviewed: CVE-2021-44122 was published Jan 27, 2022

Cross-Site Request Forgery in yetiforce
High: CVE-2022-0269 was published for yetiforce/yetiforce-crm (Composer), Jan 27, 2022

Cross Site Request Forgery in Moodle
High: CVE-2022-0335 was published for moodle/moodle (Composer), Jan 28, 2022

YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component ...
High, Unreviewed: CVE-2022-23888 was published Jan 29, 2022

A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to...
High, Unreviewed: CVE-2021-22724 was published Jan 29, 2022

A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to...
High, Unreviewed: CVE-2021-22725 was published Jan 29, 2022

CSRF token missing in Symfony
High: CVE-2022-23601 was published for symfony/framework-bundle (Composer), Feb 1, 2022

The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF...
High, Unreviewed: CVE-2021-24763 was published Feb 2, 2022

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could...
High, Unreviewed: CVE-2021-39044 was published Feb 3, 2022