GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,932
Composer 4,273
Erlang 31
GitHub Actions 21
Go 2,049
Maven 5,232
npm 3,739
NuGet 668
pip 3,417
Pub 12
RubyGems 891
Rust 868
Swift 36

Unreviewed advisories

All unreviewed 238,439

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

6,366 advisories

Filter by severity

Sort by

Least recently updated

Cross-Site Request Forgery (CSRF) vulnerability in Tom Landis Fancy Roller Scroller allows Stored... High Unreviewed

CVE-2024-54351 was published Dec 13, 2024

Cross-Site Request Forgery (CSRF) vulnerability in Neuralabz LTD. AutoWP allows Cross Site... Moderate Unreviewed

CVE-2024-54300 was published Dec 13, 2024

Cross-Site Request Forgery (CSRF) vulnerability in KCT AIKCT Engine Chatbot, ChatGPT, Gemini, GPT... Moderate Unreviewed

CVE-2024-54306 was published Dec 13, 2024

Cross-Site Request Forgery (CSRF) vulnerability in AIpost AIcomments allows Cross Site Request... Moderate Unreviewed

CVE-2024-54307 was published Dec 13, 2024

Cross-Site Request Forgery (CSRF) vulnerability in Hive Support Hive Support – WordPress Help... Moderate Unreviewed

CVE-2024-54321 was published Dec 13, 2024

Cross-Site Request Forgery (CSRF) vulnerability in Michael DUMONTET eewee admin custom allows... High Unreviewed

CVE-2024-54248 was published Dec 13, 2024

Cross-Site Request Forgery (CSRF) vulnerability in ilGhera Woocommerce Support System allows... Moderate Unreviewed

CVE-2023-41686 was published Dec 13, 2024

The Themify Store Locator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2024-12414 was published Dec 13, 2024

The Hello In All Languages plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed

CVE-2024-12572 was published Dec 13, 2024

The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Cross... Moderate Unreviewed

CVE-2024-12526 was published Dec 12, 2024

The HQ Rental Software plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... High Unreviewed

CVE-2024-11689 was published Dec 12, 2024

The Password for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed

CVE-2024-11419 was published Dec 12, 2024

The dejure.org Vernetzungsfunktion plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed

CVE-2024-11417 was published Dec 12, 2024

The web application is not protected against cross-site request forgery attacks. Therefore, an... Moderate Unreviewed

CVE-2024-28141 was published Dec 11, 2024

The WPC Order Notes for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed

CVE-2024-12004 was published Dec 11, 2024

Avenwu Whistle Cross-Site Request Forgery (CSRF) High

CVE-2024-55500 was published for whistle (npm) Dec 10, 2024

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM... High Unreviewed

CVE-2020-28398 was published Dec 10, 2024

Cross-Site Request Forgery (CSRF) vulnerability in Karl Kiesinger Country Blocker allows Stored... High Unreviewed

CVE-2024-54226 was published Dec 9, 2024

Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk TH Variation Swatches allows Cross... Moderate Unreviewed

CVE-2023-28688 was published Dec 9, 2024

Cross-Site Request Forgery (CSRF) vulnerability in Tickera.com Tickera allows Cross Site Request... Moderate Unreviewed

CVE-2023-23726 was published Dec 9, 2024

A vulnerability was found in JFinalCMS 1.0. It has been declared as problematic. Affected by this... Moderate Unreviewed

CVE-2024-12349 was published Dec 9, 2024

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2024-12115 was published Dec 7, 2024

Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Namaste! LMS allows Cross Site... Moderate Unreviewed

CVE-2024-53809 was published Dec 6, 2024

Cross-Site Request Forgery (CSRF) vulnerability in Paloma Paloma Widget allows Cross Site Request... High Unreviewed

CVE-2024-54205 was published Dec 6, 2024

The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request... Moderate Unreviewed

CVE-2024-11444 was published Dec 6, 2024

Previous 1 2 3 4 5 6 … 254 255 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

6,366 advisories