Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

6,370 advisories

Loading
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability Moderate
CVE-2023-48651 was published for concrete5/concrete5 (Composer) Feb 29, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Tom Royal Stop Registration Spam allows Stored... High Unreviewed
CVE-2024-56017 was published Dec 17, 2024
The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2024-12219 was published Dec 17, 2024
The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2024-12220 was published Dec 17, 2024
The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... High Unreviewed
CVE-2024-12293 was published Dec 17, 2024
A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers... High Unreviewed
CVE-2024-37774 was published Dec 17, 2024
The Peter’s Custom Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2024-12554 was published Dec 18, 2024
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site... Moderate Unreviewed
CVE-2024-12454 was published Dec 18, 2024
Atro CSRF Middleware Bypass (security.checkOrigin) Moderate
CVE-2024-56140 was published for astro (npm) Dec 18, 2024
KageShiron ematipico
delucis ascorbic
The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2024-11812 was published Dec 20, 2024
A privacy issue was addressed with improved private data redaction for log entries. This issue is... Moderate Unreviewed
CVE-2024-44293 was published Dec 20, 2024
Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0 allows... High Unreviewed
CVE-2024-37758 was published Dec 20, 2024
GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin... High Unreviewed
CVE-2024-55088 was published Dec 18, 2024
Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data... Unknown Unreviewed
CVE-2024-55089 was published Dec 18, 2024
The Reactflow Visitor Recording and Heatmaps plugin for WordPress is vulnerable to Cross-Site... Moderate Unreviewed
CVE-2024-11975 was published Dec 21, 2024
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross... High Unreviewed
CVE-2024-12771 was published Dec 21, 2024
REDCap through 15.0.0 has a security flaw in the Project Dashboards name, exposing users to a... High Unreviewed
CVE-2024-56310 was published Dec 22, 2024
REDCap through 15.0.0 has a security flaw in the Notes section of calendar events, exposing users... High Unreviewed
CVE-2024-56311 was published Dec 22, 2024
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages... Moderate Unreviewed
CVE-2024-12636 was published Dec 25, 2024
A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and... Moderate Unreviewed
CVE-2024-12955 was published Dec 26, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database