GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,941
Erlang: 29
GitHub Actions: 16
Go: 1,722
Maven: 4,952
npm: 3,481
NuGet: 605
pip: 3,049
Pub: 10
RubyGems: 832
Rust: 778
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
5,662 advisories
Cross-Site Request Forgery (CSRF) vulnerability in Plechev Andrey WP-Recall. This issue affects WP...
Moderate, Unreviewed. CVE-2024-35657 was published Jun 8, 2024

Cross-Site Request Forgery (CSRF) vulnerability in Analytify. This issue affects Analytify: from n...
Moderate, Unreviewed. CVE-2024-35689 was published Jun 8, 2024

Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress. This issue affects...
Moderate, Unreviewed. CVE-2024-35684 was published Jun 8, 2024

Zend-Diactoros URL Rewrite vulnerability
Moderate. GHSA-fq4p-86hh-42v9 was published for zendframework/zend-diactoros (Composer) Jun 7, 2024

Zend-Navigation vulnerable to Cross-site Scripting
High. GHSA-6v7p-5qcq-268c was published for zendframework/zend-navigation (Composer) Jun 7, 2024

Zend-Feed URL Rewrite vulnerability
High. GHSA-jmmp-vh96-78rm was published for zendframework/zend-feed (Composer) Jun 7, 2024

Zend-HTTP URL Rewrite vulnerability
High. GHSA-cg8w-5jrc-675g was published for zendframework/zend-http (Composer) Jun 7, 2024

Zendframework URL Rewrite vulnerability
Moderate. GHSA-fh7r-58q4-6387 was published for zendframework/zendframework (Composer) Jun 7, 2024

A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload...
High, Unreviewed. CVE-2024-2288 was published Jun 6, 2024

A Cross-Site Request Forgery (CSRF) vulnerability in significant-gravitas/autogpt version v0.5.0...
High, Unreviewed. CVE-2024-1879 was published Jun 6, 2024

Cross-Site Request Forgery (CSRF) vulnerability in Pure Chat by Ruby Pure Chat. This issue affects...
Moderate, Unreviewed. CVE-2024-35673 was published Jun 5, 2024

idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin...
High, Unreviewed. CVE-2024-36550 was published Jun 4, 2024

idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component...
High, Unreviewed. CVE-2024-36547 was published Jun 4, 2024

idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin...
High, Unreviewed. CVE-2024-36548 was published Jun 4, 2024

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin...
High, Unreviewed. CVE-2024-36549 was published Jun 4, 2024

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integration for Contact Form 7 and...
Moderate, Unreviewed. CVE-2024-35632 was published Jun 3, 2024

Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND. This issue...
Moderate, Unreviewed. CVE-2024-35638 was published Jun 3, 2024

Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare Uploadcare File Uploader and...
Moderate, Unreviewed. CVE-2024-35636 was published Jun 1, 2024

Moodle Logout CSRF in admin/tool/mfa/auth.php
Moderate. CVE-2024-34007 was published for moodle/moodle (Composer) May 31, 2024

Moodle CSRF risk in analytics management of models
Moderate. CVE-2024-34008 was published for moodle/moodle (Composer) May 31, 2024

Moodle CSRF risk in admin preset tool management of presets
Moderate. CVE-2024-34001 was published for moodle/moodle (Composer) May 31, 2024

Sylius Resource Bundle Cross-Site Request Forgery vulnerability
Moderate. GHSA-65v7-wg35-2qpm was published for sylius/resource-bundle (Composer) May 29, 2024

silverstripe/graphql Cross-Site Request Forgery vulnerability
High. GHSA-wjg9-v8cf-f5q2 was published for silverstripe/graphql (Composer) May 28, 2024

Silverstripe Missing CSRF protection in login form
Moderate. GHSA-vj2j-6g3w-4662 was published for silverstripe/framework (Composer) May 23, 2024

Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter
Moderate. GHSA-2hpc-mf4q-j885 was published for silverstripe/framework (Composer) May 23, 2024

ProTip! Advisories are also available from the GraphQL API.