GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,960
Composer 4,279
Erlang 31
GitHub Actions 21
Go 2,056
Maven 5,237
npm 3,740
NuGet 668
pip 3,421
Pub 12
RubyGems 891
Rust 873
Swift 36

Unreviewed advisories

All unreviewed 238,851

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

5,664 advisories

Filter by severity

Sort by

Least recently updated

Cross-Site Request Forgery (CSRF) vulnerability leading to Database Reset in WordPress WP Reset... High Unreviewed

CVE-2021-36908 was published Nov 19, 2021

Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during... High Unreviewed

CVE-2021-44036 was published Nov 20, 2021

The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to... High Unreviewed

CVE-2021-39353 was published Nov 20, 2021

We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0... High Unreviewed

CVE-2021-34358 was published Nov 21, 2021

The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the... Moderate Unreviewed

CVE-2021-24703 was published Nov 24, 2021

Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions prior to... High Unreviewed

CVE-2021-20845 was published Nov 25, 2021

The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to... High Unreviewed

CVE-2021-42358 was published Nov 30, 2021

The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce... High Unreviewed

CVE-2021-42364 was published Nov 30, 2021

The URL Shortify WordPress plugin before 1.5.1 does not have CSRF check in place when bulk... Moderate Unreviewed

CVE-2021-24749 was published Nov 30, 2021

The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and... Moderate Unreviewed

CVE-2021-24822 was published Nov 30, 2021

Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel... High Unreviewed

CVE-2021-43137 was published Dec 2, 2021

Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1... High Unreviewed

CVE-2021-20860 was published Dec 2, 2021

Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions... High Unreviewed

CVE-2021-20851 was published Dec 2, 2021

The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving... Critical Unreviewed

CVE-2015-20105 was published Dec 3, 2021

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the... High Unreviewed

CVE-2021-29756 was published Dec 4, 2021

b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User... High Unreviewed

CVE-2021-31631 was published Dec 7, 2021

Serv-U server responds with valid CSRFToken when the request contains only Session. High Unreviewed

CVE-2021-35242 was published Dec 7, 2021

The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in... High Unreviewed

CVE-2021-24914 was published Dec 7, 2021

A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user... High Unreviewed

CVE-2020-19682 was published Dec 10, 2021

The Like Button Rating â™¥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation... High Unreviewed

CVE-2021-24945 was published Dec 14, 2021

The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings,... Critical Unreviewed

CVE-2021-24922 was published Dec 14, 2021

The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation... Moderate Unreviewed

CVE-2021-24836 was published Dec 14, 2021

The WP Limits WordPress plugin through 1.0 does not have CSRF check when saving its settings,... Moderate Unreviewed

CVE-2021-24818 was published Dec 14, 2021

The Filter Portfolio Gallery WordPress plugin through 1.5 is lacking Cross-Site Request Forgery ... Moderate Unreviewed

CVE-2021-24795 was published Dec 14, 2021

The WP Admin Logo Changer WordPress plugin through 1.0 does not have CSRF check when saving its... Moderate Unreviewed

CVE-2021-24784 was published Dec 14, 2021

Previous 1 2 3 4 5 … 226 227 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

5,664 advisories