GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
49 advisories
Filter by severity
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload in Xserver...
Critical
Unreviewed
CVE-2024-33913
was published
May 2, 2024
Cross-Site Request Forgery (CSRF) vulnerability in 大侠WP DX-Watermark.This issue affects DX...
Critical
Unreviewed
CVE-2024-30560
was published
Apr 25, 2024
XWiki Platform CSRF remote code execution through the realtime HTML Converter API
Critical
CVE-2024-31988
was published
for
org.xwiki.platform:xwiki-platform-realtime-ui
(Maven)
Apr 10, 2024
XWiki Platform CSRF remote code execution through scheduler job's document reference
Critical
CVE-2024-31986
was published
for
org.xwiki.platform:xwiki-platform-scheduler-ui
(Maven)
Apr 10, 2024
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication...
Critical
Unreviewed
CVE-2024-20252
was published
Feb 7, 2024
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication...
Critical
Unreviewed
CVE-2024-20254
was published
Feb 7, 2024
A cross-site request forgery (CSRF) vulnerability in all versions of the api and web server...
Critical
Unreviewed
CVE-2024-24593
was published
Feb 6, 2024
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation
Critical
CVE-2024-22416
was published
for
pyload-ng
(pip)
Jan 19, 2024
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute...
Critical
Unreviewed
CVE-2023-52200
was published
Jan 8, 2024
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh...
Critical
Unreviewed
CVE-2023-51545
was published
Dec 29, 2023
XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass
Critical
CVE-2023-50722
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Dec 16, 2023
Run Shell Command allows Cross-Site Request Forgery
Critical
CVE-2023-48292
was published
for
org.xwiki.contrib:xwiki-application-admintools
(Maven)
Nov 20, 2023
XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token
Critical
CVE-2023-46242
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Nov 7, 2023
Cross Site Scripting vulnerability in Ruckus Wireless (CommScope) Ruckus CloudPath v.5.12.54414...
Critical
Unreviewed
CVE-2023-45992
was published
Oct 19, 2023
Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform...
Critical
Unreviewed
CVE-2023-4659
was published
Oct 2, 2023
The Rockwell Automation Enhanced HIM software contains
an API that the application uses that is...
Critical
Unreviewed
CVE-2023-2746
was published
Jul 11, 2023
XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API
Critical
CVE-2023-37277
was published
for
com.xpn.xwiki.platform:xwiki-core-rest-server
(Maven)
Jul 10, 2023
Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurants Quick Restaurant...
Critical
Unreviewed
CVE-2022-44739
was published
Jul 6, 2023
The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitise and escape a parameter...
Critical
Unreviewed
CVE-2023-2601
was published
Jun 27, 2023
org.xwiki.platform:xwiki-platform-logging-ui Eval Injection vulnerability
Critical
CVE-2023-29213
was published
for
org.xwiki.platform:xwiki-platform-logging-ui
(Maven)
Apr 12, 2023
XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery
Critical
CVE-2023-22457
was published
for
org.xwiki.contrib:application-ckeditor-ui
(Maven)
Jan 6, 2023
Tailscale Windows daemon is vulnerable to RCE via CSRF
Critical
CVE-2022-41924
was published
for
tailscale.com
(Go)
Nov 21, 2022
Insufficient user input in Apache Jetspeed-2
Critical
CVE-2022-32533
was published
for
org.apache.portals.jetspeed-2:jetspeed-commons
(Maven)
Jul 7, 2022
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when...
Critical
Unreviewed
CVE-2022-1574
was published
Jun 28, 2022
Power BI Report Server Spoofing Vulnerability
Critical
Unreviewed
CVE-2021-41372
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API