Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,335
Erlang
31
GitHub Actions
22
Go
2,097
Maven
5,000+
npm
3,762
NuGet
678
pip
3,448
Pub
12
RubyGems
892
Rust
883
Swift
37
Unreviewed advisories
All unreviewed
5,000+

6,704 advisories

Loading
The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in... Moderate Unreviewed
CVE-2021-24688 was published Mar 1, 2022
The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled... High Unreviewed
CVE-2021-24823 was published Mar 1, 2022
In the Orange Form WordPress plugin through 1.0, the process_bulk_action() function in "admin... High Unreviewed
CVE-2021-24704 was published Mar 1, 2022
The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in... High Unreviewed
CVE-2021-24803 was published Mar 1, 2022
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and... Moderate Unreviewed
CVE-2021-24730 was published Mar 1, 2022
The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have CSRF check in the... Moderate Unreviewed
CVE-2021-24913 was published Mar 1, 2022
The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper... Moderate Unreviewed
CVE-2021-25011 was published Mar 1, 2022
The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in... Moderate Unreviewed
CVE-2021-25081 was published Mar 1, 2022
The Post Snippets WordPress plugin before 3.1.4 does not have CSRF check when importing files,... Critical Unreviewed
CVE-2021-25010 was published Mar 1, 2022
The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have... Moderate Unreviewed
CVE-2022-0345 was published Mar 1, 2022
The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting... Moderate Unreviewed
CVE-2022-0328 was published Mar 1, 2022
Cross Site Request Forgery in Apache JSPWiki High
CVE-2022-24947 was published for org.apache.jspwiki:jspwiki-main (Maven) Feb 26, 2022
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible. High Unreviewed
CVE-2022-24342 was published Feb 26, 2022
A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware... High Unreviewed
CVE-2021-4030 was published Feb 25, 2022
Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management... Moderate Unreviewed
CVE-2022-21179 was published Feb 25, 2022
The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have authorisation... Moderate Unreviewed
CVE-2022-0164 was published Feb 22, 2022
The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in... Moderate Unreviewed
CVE-2022-0199 was published Feb 22, 2022
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert... High Unreviewed
CVE-2022-0134 was published Feb 22, 2022
The Float menu WordPress plugin before 4.3.1 does not have CSRF check in place when deleting menu... Moderate Unreviewed
CVE-2022-0313 was published Feb 22, 2022
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in... High Unreviewed
CVE-2022-23983 was published Feb 22, 2022
Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in... Moderate Unreviewed
CVE-2022-25599 was published Feb 22, 2022
Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an... Moderate Unreviewed
CVE-2021-45007 was published Feb 21, 2022
Cross-Site Request Forgery microweber Moderate
CVE-2022-0638 was published for microweber/microweber (Composer) Feb 18, 2022
A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of Scratch Wiki scratch... Moderate Unreviewed
CVE-2021-46252 was published Feb 17, 2022
In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request... High Unreviewed
CVE-2022-25241 was published Feb 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database