GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+
69 advisories
Filter by severity
Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin...
Critical
Unreviewed
CVE-2018-20577
was published
May 14, 2022
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1,...
Critical
Unreviewed
CVE-2017-6080
was published
May 13, 2022
CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The...
Critical
Unreviewed
CVE-2017-5959
was published
May 13, 2022
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing...
Critical
Unreviewed
CVE-2017-16780
was published
May 13, 2022
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request...
Critical
Unreviewed
CVE-2018-1712
was published
May 13, 2022
Cloud Foundry vulnerable to Cross-Site Request Forgery
Critical
CVE-2016-6637
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have...
Critical
Unreviewed
CVE-2022-1020
was published
Apr 19, 2022
The Post Snippets WordPress plugin before 3.1.4 does not have CSRF check when importing files,...
Critical
Unreviewed
CVE-2021-25010
was published
Mar 1, 2022
BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full...
Critical
Unreviewed
CVE-2021-31589
was published
Feb 8, 2022
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro...
Critical
Unreviewed
CVE-2021-25032
was published
Jan 11, 2022
The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings,...
Critical
Unreviewed
CVE-2021-24922
was published
Dec 14, 2021
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving...
Critical
Unreviewed
CVE-2015-20105
was published
Dec 3, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-gpqc-4pp7-5954
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-8xfw-5q82-3652
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-6mqr-q86q-6gwr
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
CVE-2021-41275
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-5629-8855-gf4g
was published
for
solidus_core
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
CVE-2021-41274
was published
for
solidus_auth_devise
(RubyGems)
Nov 18, 2021
Cross-site scripting in Swagger-UI
Critical
CVE-2019-17495
was published
for
io.springfox:springfox-swagger-ui
(Maven)
Oct 15, 2019
ProTip!
Advisories are also available from the
GraphQL API