Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

5,957 advisories

Loading
A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers... High Unreviewed
CVE-2020-21236 was published Dec 29, 2021
The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before... Moderate Unreviewed
CVE-2021-24988 was published Dec 28, 2021
A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7... Moderate Unreviewed
CVE-2020-20943 was published Dec 28, 2021
A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft... High Unreviewed
CVE-2020-20945 was published Dec 28, 2021
A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a... Moderate Unreviewed
CVE-2020-20595 was published Dec 24, 2021
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to... High Unreviewed
CVE-2020-20593 was published Dec 24, 2021
In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a... Moderate Unreviewed
CVE-2021-43156 was published Dec 23, 2021
In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a... Moderate Unreviewed
CVE-2021-43158 was published Dec 23, 2021
Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon –... High Unreviewed
CVE-2021-36886 was published Dec 23, 2021
The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to... High Unreviewed
CVE-2021-24981 was published Dec 22, 2021
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered... High Unreviewed
CVE-2021-36887 was published Dec 21, 2021
Cross-site Request Forgery (CSRF) High
CVE-2017-1000069 was published for github.com/bitly/oauth2_proxy (Go) Dec 20, 2021
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4123 was published for remdex/livehelperchat (Composer) Dec 17, 2021
Cross Site Request Forgery (CSRF) vulnerability exits in Catfish <=6.1.* when you upload an html... High Unreviewed
CVE-2021-45017 was published Dec 17, 2021
Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user... Moderate Unreviewed
CVE-2021-26800 was published Dec 17, 2021
Cross Site Request Forgery in mailman High
CVE-2021-44227 was published for mailman (pip) Dec 16, 2021
pimcore is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4082 was published for pimcore/pimcore (Composer) Dec 16, 2021
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4092 was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021
glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ... Moderate Unreviewed
CVE-2021-44948 was published Dec 15, 2021
glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ... Moderate Unreviewed
CVE-2021-44942 was published Dec 15, 2021
The NEX-Forms WordPress plugin through 7.9.4 does not escape some of its settings and form fields... Moderate Unreviewed
CVE-2021-24705 was published Dec 14, 2021
The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its... Moderate Unreviewed
CVE-2021-24780 was published Dec 14, 2021
The WP Admin Logo Changer WordPress plugin through 1.0 does not have CSRF check when saving its... Moderate Unreviewed
CVE-2021-24784 was published Dec 14, 2021
The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation... Moderate Unreviewed
CVE-2021-24790 was published Dec 14, 2021
The Filter Portfolio Gallery WordPress plugin through 1.5 is lacking Cross-Site Request Forgery ... Moderate Unreviewed
CVE-2021-24795 was published Dec 14, 2021
ProTip! Advisories are also available from the GraphQL API