Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

62 advisories

Loading
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the... Critical Unreviewed
CVE-2024-50966 was published Nov 8, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Lukas Huser EKC Tournament Manager allows... Critical Unreviewed
CVE-2024-49674 was published Oct 31, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code... Critical Unreviewed
CVE-2024-43984 was published Oct 31, 2024
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request... Critical Unreviewed
CVE-2022-30357 was published Oct 25, 2024
The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through... Critical Unreviewed
CVE-2024-8980 was published Oct 22, 2024
eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an... Critical Unreviewed
CVE-2024-44677 was published Sep 10, 2024
The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Critical Unreviewed
CVE-2024-7568 was published Aug 24, 2024
Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF)... Critical Unreviewed
CVE-2024-42764 was published Aug 23, 2024
A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory... Critical Unreviewed
CVE-2024-42581 was published Aug 20, 2024
Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via... Critical Unreviewed
CVE-2024-41603 was published Jul 19, 2024
An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1... Critical Unreviewed
CVE-2024-34502 was published May 5, 2024
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload in Xserver... Critical Unreviewed
CVE-2024-33913 was published May 2, 2024
An SSRF issue in the PDFMyURL service allows a remote attacker to obtain sensitive information... Critical Unreviewed
CVE-2024-33449 was published Apr 29, 2024
Cross-Site Request Forgery (CSRF) vulnerability in 大侠WP DX-Watermark.This issue affects DX... Critical Unreviewed
CVE-2024-30560 was published Apr 25, 2024
XWiki Platform CSRF remote code execution through the realtime HTML Converter API Critical
CVE-2024-31988 was published for org.xwiki.platform:xwiki-platform-realtime-ui (Maven) Apr 10, 2024
XWiki Platform CSRF remote code execution through scheduler job's document reference Critical
CVE-2024-31986 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Apr 10, 2024
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src... Critical Unreviewed
CVE-2024-29684 was published Mar 26, 2024
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication... Critical Unreviewed
CVE-2024-20254 was published Feb 7, 2024
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication... Critical Unreviewed
CVE-2024-20252 was published Feb 7, 2024
A cross-site request forgery (CSRF) vulnerability in all versions of the api and web server... Critical Unreviewed
CVE-2024-24593 was published Feb 6, 2024
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation Critical
CVE-2024-22416 was published for pyload-ng (pip) Jan 19, 2024
PinkDraconian kaydoda
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute... Critical Unreviewed
CVE-2023-52200 was published Jan 8, 2024
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh... Critical Unreviewed
CVE-2023-51545 was published Dec 29, 2023
XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass Critical
CVE-2023-50722 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Dec 16, 2023
Run Shell Command allows Cross-Site Request Forgery Critical
CVE-2023-48292 was published for org.xwiki.contrib:xwiki-application-admintools (Maven) Nov 20, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database