Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,000
Erlang
29
GitHub Actions
16
Go
1,787
Maven
5,000+
npm
3,547
NuGet
622
pip
3,143
Pub
10
RubyGems
839
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,518 advisories

Loading
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save. High Unreviewed
CVE-2024-22591 was published Jan 18, 2024
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del. High Unreviewed
CVE-2024-22568 was published Jan 18, 2024
Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the... High Unreviewed
CVE-2024-22715 was published Jan 17, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS... High Unreviewed
CVE-2022-41990 was published Jan 17, 2024
The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified... High Unreviewed
CVE-2022-3899 was published Jan 16, 2024
QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based... High Unreviewed
CVE-2023-51063 was published Jan 13, 2024
Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component ... High Unreviewed
CVE-2023-51949 was published Jan 12, 2024
An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative... High Unreviewed
CVE-2023-50931 was published Jan 9, 2024
An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an... High Unreviewed
CVE-2023-50932 was published Jan 9, 2024
An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user... High Unreviewed
CVE-2023-50930 was published Jan 9, 2024
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component ... High Unreviewed
CVE-2023-52072 was published Jan 9, 2024
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component ... High Unreviewed
CVE-2023-52073 was published Jan 9, 2024
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component... High Unreviewed
CVE-2023-52074 was published Jan 9, 2024
The CommentTweets WordPress plugin through 0.6 does not have CSRF checks in some places, which... High Unreviewed
CVE-2023-6845 was published Jan 8, 2024
The WP Blogs' Planetarium WordPress plugin through 1.0 does not have CSRF check in place when... High Unreviewed
CVE-2023-6532 was published Jan 8, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L. Dynamic Content for Elementor... High Unreviewed
CVE-2023-52150 was published Jan 5, 2024
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series... High Unreviewed
CVE-2023-5961 was published Dec 23, 2023
Cross-Site Request Forgery (CSRF) vulnerability in Tribe Interactive Caddy – Smart Side Cart for... High Unreviewed
CVE-2023-49854 was published Dec 20, 2023
Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Post Type Page... High Unreviewed
CVE-2023-50372 was published Dec 20, 2023
Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For... High Unreviewed
CVE-2023-49855 was published Dec 20, 2023
A successful CSRF attack could force the user to perform state changing requests on the... High Unreviewed
CVE-2023-6689 was published Dec 20, 2023
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro... High Unreviewed
CVE-2023-5886 was published Dec 18, 2023
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro... High Unreviewed
CVE-2023-5882 was published Dec 18, 2023
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the... High Unreviewed
CVE-2023-50017 was published Dec 14, 2023
Cross-site request forgery vulnerability in Jenkins HTMLResource Plugin High
CVE-2023-50774 was published for org.jenkins-ci.plugins:htmlresource (Maven) Dec 13, 2023
ProTip! Advisories are also available from the GraphQL API