GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,023
Erlang: 29
GitHub Actions: 16
Go: 1,830
Maven: 5,000+
npm: 3,573
NuGet: 632
pip: 3,150
Pub: 10
RubyGems: 847
Rust: 796
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
5,821 advisories
gotortc vulnerable to Cross-Site Request Forgery
High | CVE-2024-29192 was published for github.com/AlexxIT/go2rtc (Go) | Aug 5, 2024

Owncast Cross-Site Request Forgery vulnerability
High | CVE-2024-29026 was published for github.com/owncast/owncast (Go) | Aug 5, 2024

ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF
Low | CVE-2024-41811 was published for ipl/web (Composer) | Aug 5, 2024

A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been classified as...
Moderate | Unreviewed | CVE-2024-7459 was published | Aug 5, 2024

A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been declared as...
Moderate | Unreviewed | CVE-2024-7460 was published | Aug 5, 2024

Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson WP GoToWebinar allows Cross-Site...
High | Unreviewed | CVE-2024-38776 was published | Aug 2, 2024

The WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress is vulnerable to Cross...
High | Unreviewed | CVE-2024-3238 was published | Aug 2, 2024

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Realtime...
Moderate | Unreviewed | CVE-2024-7367 was published | Aug 1, 2024

Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request...
Moderate | Unreviewed | CVE-2024-32863 was published | Aug 1, 2024

A vulnerability classified as problematic has been found in SourceCodester Tracking Monitoring...
Moderate | Unreviewed | CVE-2024-7360 was published | Aug 1, 2024

A “CWE-352: Cross-Site Request Forgery (CSRF)” can be exploited by remote attackers to perform...
Moderate | Unreviewed | CVE-2024-3083 was published | Jul 31, 2024

A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to...
High | Unreviewed | CVE-2024-41305 was published | Jul 30, 2024

IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an...
Moderate | Unreviewed | CVE-2023-38001 was published | Jul 30, 2024

A vulnerability was found in SourceCodester Medicine Tracker System 1.0. It has been declared as...
Moderate | Unreviewed | CVE-2024-7226 was published | Jul 30, 2024

The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when...
Moderate | Unreviewed | CVE-2024-5285 was published | Jul 29, 2024

A vulnerability classified as problematic has been found in SourceCodester School Fees Payment...
Moderate | Unreviewed | CVE-2024-7169 was published | Jul 28, 2024

A vulnerability classified as problematic was found in SeaCMS 13.0. Affected by this...
Moderate | Unreviewed | CVE-2024-7161 was published | Jul 28, 2024

A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this...
Moderate | Unreviewed | CVE-2024-7106 was published | Jul 25, 2024

A vulnerability was found in Spina CMS up to 2.18.0. It has been classified as problematic....
Moderate | Unreviewed | CVE-2024-7065 was published | Jul 24, 2024

The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2024-3246 was published | Jul 24, 2024

The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate | Unreviewed | CVE-2024-6751 was published | Jul 24, 2024

The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places,...
High | Unreviewed | CVE-2024-6244 was published | Jul 22, 2024

The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting...
Moderate | Unreviewed | CVE-2024-6271 was published | Jul 22, 2024

The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site...
Moderate | Unreviewed | CVE-2024-5804 was published | Jul 20, 2024

ProcessWire Cross Site Request Forgery vulnerability
Moderate | CVE-2024-41597 was published for processwire/processwire (Composer) | Jul 19, 2024

ProTip! Advisories are also available from the GraphQL API.