Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,150
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

5,821 advisories

Loading
gotortc vulnerable to Cross-Site Request Forgery High
CVE-2024-29192 was published for github.com/AlexxIT/go2rtc (Go) Aug 5, 2024
Owncast Cross-Site Request Forgery vulnerability High
CVE-2024-29026 was published for github.com/owncast/owncast (Go) Aug 5, 2024
ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF Low
CVE-2024-41811 was published for ipl/web (Composer) Aug 5, 2024
A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been classified as... Moderate Unreviewed
CVE-2024-7459 was published Aug 5, 2024
A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been declared as... Moderate Unreviewed
CVE-2024-7460 was published Aug 5, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson WP GoToWebinar allows Cross-Site... High Unreviewed
CVE-2024-38776 was published Aug 2, 2024
The WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress is vulnerable to Cross... High Unreviewed
CVE-2024-3238 was published Aug 2, 2024
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Realtime... Moderate Unreviewed
CVE-2024-7367 was published Aug 1, 2024
Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request... Moderate Unreviewed
CVE-2024-32863 was published Aug 1, 2024
A vulnerability classified as problematic has been found in SourceCodester Tracking Monitoring... Moderate Unreviewed
CVE-2024-7360 was published Aug 1, 2024
A “CWE-352: Cross-Site Request Forgery (CSRF)” can be exploited by remote attackers to perform... Moderate Unreviewed
CVE-2024-3083 was published Jul 31, 2024
A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to... High Unreviewed
CVE-2024-41305 was published Jul 30, 2024
IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an... Moderate Unreviewed
CVE-2023-38001 was published Jul 30, 2024
A vulnerability was found in SourceCodester Medicine Tracker System 1.0. It has been declared as... Moderate Unreviewed
CVE-2024-7226 was published Jul 30, 2024
The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when... Moderate Unreviewed
CVE-2024-5285 was published Jul 29, 2024
A vulnerability classified as problematic has been found in SourceCodester School Fees Payment... Moderate Unreviewed
CVE-2024-7169 was published Jul 28, 2024
A vulnerability classified as problematic was found in SeaCMS 13.0. Affected by this... Moderate Unreviewed
CVE-2024-7161 was published Jul 28, 2024
A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this... Moderate Unreviewed
CVE-2024-7106 was published Jul 25, 2024
A vulnerability was found in Spina CMS up to 2.18.0. It has been classified as problematic.... Moderate Unreviewed
CVE-2024-7065 was published Jul 24, 2024
The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2024-3246 was published Jul 24, 2024
The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2024-6751 was published Jul 24, 2024
The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places,... High Unreviewed
CVE-2024-6244 was published Jul 22, 2024
The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting... Moderate Unreviewed
CVE-2024-6271 was published Jul 22, 2024
The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site... Moderate Unreviewed
CVE-2024-5804 was published Jul 20, 2024
ProcessWire Cross Site Request Forgery vulnerability Moderate
CVE-2024-41597 was published for processwire/processwire (Composer) Jul 19, 2024
ProTip! Advisories are also available from the GraphQL API