GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
5,011 advisories
Filter by severity
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37...
High
Unreviewed
CVE-2021-46147
was published
Jan 11, 2022
In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3...
High
Unreviewed
CVE-2021-34086
was published
Jan 11, 2022
SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the...
High
Unreviewed
CVE-2021-41597
was published
Jan 13, 2022
Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Everywhere (WordPress plugin)...
High
Unreviewed
CVE-2021-23227
was published
Jan 14, 2022
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF...
Moderate
Unreviewed
CVE-2021-25025
was published
Jan 18, 2022
Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7...
High
Unreviewed
CVE-2022-0180
was published
Jan 18, 2022
The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart...
High
Unreviewed
CVE-2022-0215
was published
Jan 19, 2022
An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5,...
High
Unreviewed
CVE-2022-0154
was published
Jan 19, 2022
The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing...
High
Unreviewed
CVE-2021-43353
was published
Jan 19, 2022
Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries...
Moderate
Unreviewed
CVE-2021-44777
was published
Jan 20, 2022
In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The...
Moderate
Unreviewed
CVE-2021-46028
was published
Jan 21, 2022
mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The...
Moderate
Unreviewed
CVE-2021-46027
was published
Jan 21, 2022
The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various action, for example...
High
Unreviewed
CVE-2021-25073
was published
Jan 25, 2022
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the...
Moderate
Unreviewed
CVE-2021-25013
was published
Jan 25, 2022
The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place...
Moderate
Unreviewed
CVE-2021-24989
was published
Jan 25, 2022
The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the...
Moderate
Unreviewed
CVE-2021-24968
was published
Jan 25, 2022
The WP Extra File Types WordPress plugin before 0.5.1 does not have CSRF check when saving its...
High
Unreviewed
CVE-2021-24936
was published
Jan 25, 2022
The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which...
High
Unreviewed
CVE-2021-24696
was published
Jan 25, 2022
SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public...
High
Unreviewed
CVE-2021-44122
was published
Jan 27, 2022
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers...
Moderate
Unreviewed
CVE-2022-23887
was published
Jan 29, 2022
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey (CSRF) via the component ...
High
Unreviewed
CVE-2022-23888
was published
Jan 29, 2022
A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to...
High
Unreviewed
CVE-2021-22724
was published
Jan 29, 2022
A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to...
High
Unreviewed
CVE-2021-22725
was published
Jan 29, 2022
The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in...
Moderate
Unreviewed
CVE-2021-25097
was published
Feb 2, 2022
The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library...
Moderate
Unreviewed
CVE-2021-25092
was published
Feb 2, 2022
ProTip!
Advisories are also available from the
GraphQL API