Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

5,662 advisories

Cross-Site Request Forgery (CSRF) vulnerability in Plechev Andrey WP-Recall.This issue affects WP... Moderate Unreviewed
CVE-2024-35657 was published Jun 8, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Analytify.This issue affects Analytify: from n... Moderate Unreviewed
CVE-2024-35689 was published Jun 8, 2024
Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress.This issue affects... Moderate Unreviewed
CVE-2024-35684 was published Jun 8, 2024
Zend-Diactoros URL Rewrite vulnerability Moderate
GHSA-fq4p-86hh-42v9 was published for zendframework/zend-diactoros (Composer) Jun 7, 2024
Zend-Navigation vulnerable to Cross-site Scripting High
GHSA-6v7p-5qcq-268c was published for zendframework/zend-navigation (Composer) Jun 7, 2024
Zend-Feed URL Rewrite vulnerability High
GHSA-jmmp-vh96-78rm was published for zendframework/zend-feed (Composer) Jun 7, 2024
Zend-HTTP URL Rewrite vulnerability High
GHSA-cg8w-5jrc-675g was published for zendframework/zend-http (Composer) Jun 7, 2024
Zendframework URL Rewrite vulnerability Moderate
GHSA-fh7r-58q4-6387 was published for zendframework/zendframework (Composer) Jun 7, 2024
A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload... High Unreviewed
CVE-2024-2288 was published Jun 6, 2024
A Cross-Site Request Forgery (CSRF) vulnerability in significant-gravitas/autogpt version v0.5.0... High Unreviewed
CVE-2024-1879 was published Jun 6, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Pure Chat by Ruby Pure Chat.This issue affects... Moderate Unreviewed
CVE-2024-35673 was published Jun 5, 2024
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin... High Unreviewed
CVE-2024-36550 was published Jun 4, 2024
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component... High Unreviewed
CVE-2024-36547 was published Jun 4, 2024
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin... High Unreviewed
CVE-2024-36548 was published Jun 4, 2024
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin... High Unreviewed
CVE-2024-36549 was published Jun 4, 2024
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integration for Contact Form 7 and... Moderate Unreviewed
CVE-2024-35632 was published Jun 3, 2024
Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND.This issue... Moderate Unreviewed
CVE-2024-35638 was published Jun 3, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare Uploadcare File Uploader and... Moderate Unreviewed
CVE-2024-35636 was published Jun 1, 2024
Moodle Logout CSRF in admin/tool/mfa/auth.php Moderate
CVE-2024-34007 was published for moodle/moodle (Composer) May 31, 2024
Moodle CSRF risk in analytics management of models Moderate
CVE-2024-34008 was published for moodle/moodle (Composer) May 31, 2024
Moodle CSRF risk in admin preset tool management of presets Moderate
CVE-2024-34001 was published for moodle/moodle (Composer) May 31, 2024
Sylius Resource Bundle Cross-Site Request Forgery vulnerability Moderate
GHSA-65v7-wg35-2qpm was published for sylius/resource-bundle (Composer) May 29, 2024
silverstripe/graphql Cross-Site Request Forgery vulnerability High
GHSA-wjg9-v8cf-f5q2 was published for silverstripe/graphql (Composer) May 28, 2024
Silverstripe Missing CSRF protection in login form Moderate
GHSA-vj2j-6g3w-4662 was published for silverstripe/framework (Composer) May 23, 2024
Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter Moderate
GHSA-2hpc-mf4q-j885 was published for silverstripe/framework (Composer) May 23, 2024
ProTip! Advisories are also available from the GraphQL API