GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
6,366 advisories
Filter by severity
The Reactflow Visitor Recording and Heatmaps plugin for WordPress is vulnerable to Cross-Site...
Moderate
Unreviewed
CVE-2024-11975
was published
Dec 21, 2024
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross...
High
Unreviewed
CVE-2024-12771
was published
Dec 21, 2024
Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0 allows...
High
Unreviewed
CVE-2024-37758
was published
Dec 20, 2024
The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate
Unreviewed
CVE-2024-11812
was published
Dec 20, 2024
A privacy issue was addressed with improved private data redaction for log entries. This issue is...
Moderate
Unreviewed
CVE-2024-44293
was published
Dec 20, 2024
GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin...
High
Unreviewed
CVE-2024-55088
was published
Dec 18, 2024
Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data...
Unknown
Unreviewed
CVE-2024-55089
was published
Dec 18, 2024
Atro CSRF Middleware Bypass (security.checkOrigin)
Moderate
CVE-2024-56140
was published
for
astro
(npm)
Dec 18, 2024
The Peter’s Custom Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate
Unreviewed
CVE-2024-12554
was published
Dec 18, 2024
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site...
Moderate
Unreviewed
CVE-2024-12454
was published
Dec 18, 2024
The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate
Unreviewed
CVE-2024-12219
was published
Dec 17, 2024
The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate
Unreviewed
CVE-2024-12220
was published
Dec 17, 2024
The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
High
Unreviewed
CVE-2024-12293
was published
Dec 17, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Tom Royal Stop Registration Spam allows Stored...
High
Unreviewed
CVE-2024-56017
was published
Dec 17, 2024
A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers...
High
Unreviewed
CVE-2024-37774
was published
Dec 17, 2024
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada.This issue affects Avada:...
Moderate
Unreviewed
CVE-2024-54357
was published
Dec 16, 2024
Cross-Site Request Forgery (CSRF) vulnerability in John Godley Tidy Up allows Reflected XSS.This...
High
Unreviewed
CVE-2024-56015
was published
Dec 16, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Posti Posti Shipping allows Cross Site Request...
Moderate
Unreviewed
CVE-2024-56005
was published
Dec 16, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Pearlbells Flash News / Post (Responsive)...
Critical
Unreviewed
CVE-2024-56012
was published
Dec 16, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Phoetry phZoom allows Stored XSS.This issue...
High
Unreviewed
CVE-2024-54434
was published
Dec 16, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Alok Tiwari Amazon Product Price allows Stored...
High
Unreviewed
CVE-2024-54439
was published
Dec 16, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Jettochkin Jet Footer Code allows Stored XSS...
High
Unreviewed
CVE-2024-54436
was published
Dec 16, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Onlywire Multi Autosubmitter...
High
Unreviewed
CVE-2024-54435
was published
Dec 16, 2024
Cross-Site Request Forgery (CSRF) vulnerability in blueskyy WP-Ban-User allows Stored XSS.This...
High
Unreviewed
CVE-2024-54440
was published
Dec 16, 2024
Cross-Site Request Forgery (CSRF) vulnerability in GAxx Gaxx Keywords allows Stored XSS.This...
High
Unreviewed
CVE-2024-54438
was published
Dec 16, 2024
ProTip!
Advisories are also available from the
GraphQL API