Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,901
Maven
5,000+
npm
3,631
NuGet
638
pip
3,245
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

57 advisories

Loading
eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an... Critical Unreviewed
CVE-2024-44677 was published Sep 10, 2024
The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Critical Unreviewed
CVE-2024-7568 was published Aug 24, 2024
Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF)... Critical Unreviewed
CVE-2024-42764 was published Aug 23, 2024
A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory... Critical Unreviewed
CVE-2024-42581 was published Aug 20, 2024
Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via... Critical Unreviewed
CVE-2024-41603 was published Jul 19, 2024
An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1... Critical Unreviewed
CVE-2024-34502 was published May 5, 2024
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload in Xserver... Critical Unreviewed
CVE-2024-33913 was published May 2, 2024
An SSRF issue in the PDFMyURL service allows a remote attacker to obtain sensitive information... Critical Unreviewed
CVE-2024-33449 was published Apr 29, 2024
Cross-Site Request Forgery (CSRF) vulnerability in 大侠WP DX-Watermark.This issue affects DX... Critical Unreviewed
CVE-2024-30560 was published Apr 25, 2024
XWiki Platform CSRF remote code execution through the realtime HTML Converter API Critical
CVE-2024-31988 was published for org.xwiki.platform:xwiki-platform-realtime-ui (Maven) Apr 10, 2024
XWiki Platform CSRF remote code execution through scheduler job's document reference Critical
CVE-2024-31986 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Apr 10, 2024
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src... Critical Unreviewed
CVE-2024-29684 was published Mar 26, 2024
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication... Critical Unreviewed
CVE-2024-20254 was published Feb 7, 2024
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication... Critical Unreviewed
CVE-2024-20252 was published Feb 7, 2024
A cross-site request forgery (CSRF) vulnerability in all versions of the api and web server... Critical Unreviewed
CVE-2024-24593 was published Feb 6, 2024
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation Critical
CVE-2024-22416 was published for pyload-ng (pip) Jan 19, 2024
PinkDraconian kaydoda
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute... Critical Unreviewed
CVE-2023-52200 was published Jan 8, 2024
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh... Critical Unreviewed
CVE-2023-51545 was published Dec 29, 2023
XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass Critical
CVE-2023-50722 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Dec 16, 2023
Run Shell Command allows Cross-Site Request Forgery Critical
CVE-2023-48292 was published for org.xwiki.contrib:xwiki-application-admintools (Maven) Nov 20, 2023
XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token Critical
CVE-2023-46242 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Nov 7, 2023
Cross Site Scripting vulnerability in Ruckus Wireless (CommScope) Ruckus CloudPath v.5.12.54414... Critical Unreviewed
CVE-2023-45992 was published Oct 19, 2023
Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform... Critical Unreviewed
CVE-2023-4659 was published Oct 2, 2023
The Rockwell Automation Enhanced HIM software contains an API that the application uses that is... Critical Unreviewed
CVE-2023-2746 was published Jul 11, 2023
XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API Critical
CVE-2023-37277 was published for com.xpn.xwiki.platform:xwiki-core-rest-server (Maven) Jul 10, 2023
ProTip! Advisories are also available from the GraphQL API