GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
6,133 advisories
Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most...
High
Unreviewed
CVE-2021-20165 was published Dec 31, 2021
A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers...
High
Unreviewed
CVE-2020-21236 was published Dec 29, 2021
The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before...
Moderate
Unreviewed
CVE-2021-24988 was published Dec 28, 2021
A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7...
Moderate
Unreviewed
CVE-2020-20943 was published Dec 28, 2021
A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft...
High
Unreviewed
CVE-2020-20945 was published Dec 28, 2021
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to...
High
Unreviewed
CVE-2020-20593 was published Dec 24, 2021
A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a...
Moderate
Unreviewed
CVE-2020-20595 was published Dec 24, 2021
In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a...
Moderate
Unreviewed
CVE-2021-43158 was published Dec 23, 2021
In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a...
Moderate
Unreviewed
CVE-2021-43156 was published Dec 23, 2021
Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon –...
High
Unreviewed
CVE-2021-36886 was published Dec 23, 2021
The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to...
High
Unreviewed
CVE-2021-24981 was published Dec 22, 2021
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered...
High
Unreviewed
CVE-2021-36887 was published Dec 21, 2021
Cross-site Request Forgery (CSRF)
High
CVE-2017-1000069 was published for github.com/bitly/oauth2_proxy (Go) Dec 20, 2021
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-4123 was published for remdex/livehelperchat (Composer) Dec 17, 2021
Cross Site Request Forgery (CSRF) vulnerability exists in Catfish <=6.1.* when you upload an html...
High
Unreviewed
CVE-2021-45017 was published Dec 17, 2021
Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user...
Moderate
Unreviewed
CVE-2021-26800 was published Dec 17, 2021
Cross Site Request Forgery in mailman
High
CVE-2021-44227 was published for mailman (pip) Dec 16, 2021
pimcore is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-4082 was published for pimcore/pimcore (Composer) Dec 16, 2021
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-4092 was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021
glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ...
Moderate
Unreviewed
CVE-2021-44948 was published Dec 15, 2021
glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ...
Moderate
Unreviewed
CVE-2021-44942 was published Dec 15, 2021
The NEX-Forms WordPress plugin through 7.9.4 does not escape some of its settings and form fields...
Moderate
Unreviewed
CVE-2021-24705 was published Dec 14, 2021
The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its...
Moderate
Unreviewed
CVE-2021-24780 was published Dec 14, 2021
The WP Admin Logo Changer WordPress plugin through 1.0 does not have CSRF check when saving its...
Moderate
Unreviewed
CVE-2021-24784 was published Dec 14, 2021
The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation...
Moderate
Unreviewed
CVE-2021-24790 was published Dec 14, 2021