Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

49 advisories

Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload in Xserver... Critical Unreviewed
CVE-2024-33913 was published May 2, 2024
Cross-Site Request Forgery (CSRF) vulnerability in 大侠WP DX-Watermark.This issue affects DX... Critical Unreviewed
CVE-2024-30560 was published Apr 25, 2024
XWiki Platform CSRF remote code execution through the realtime HTML Converter API Critical
CVE-2024-31988 was published for org.xwiki.platform:xwiki-platform-realtime-ui (Maven) Apr 10, 2024
XWiki Platform CSRF remote code execution through scheduler job's document reference Critical
CVE-2024-31986 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Apr 10, 2024
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication... Critical Unreviewed
CVE-2024-20254 was published Feb 7, 2024
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication... Critical Unreviewed
CVE-2024-20252 was published Feb 7, 2024
A cross-site request forgery (CSRF) vulnerability in all versions of the api and web server... Critical Unreviewed
CVE-2024-24593 was published Feb 6, 2024
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation Critical
CVE-2024-22416 was published for pyload-ng (pip) Jan 19, 2024
PinkDraconian kaydoda
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute... Critical Unreviewed
CVE-2023-52200 was published Jan 8, 2024
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh... Critical Unreviewed
CVE-2023-51545 was published Dec 29, 2023
XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass Critical
CVE-2023-50722 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Dec 16, 2023
Run Shell Command allows Cross-Site Request Forgery Critical
CVE-2023-48292 was published for org.xwiki.contrib:xwiki-application-admintools (Maven) Nov 20, 2023
XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token Critical
CVE-2023-46242 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Nov 7, 2023
Cross Site Scripting vulnerability in Ruckus Wireless (CommScope) Ruckus CloudPath v.5.12.54414... Critical Unreviewed
CVE-2023-45992 was published Oct 19, 2023
Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform... Critical Unreviewed
CVE-2023-4659 was published Oct 2, 2023
The Rockwell Automation Enhanced HIM software contains an API that the application uses that is... Critical Unreviewed
CVE-2023-2746 was published Jul 11, 2023
XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API Critical
CVE-2023-37277 was published for com.xpn.xwiki.platform:xwiki-core-rest-server (Maven) Jul 10, 2023
Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurants Quick Restaurant... Critical Unreviewed
CVE-2022-44739 was published Jul 6, 2023
The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitise and escape a parameter... Critical Unreviewed
CVE-2023-2601 was published Jun 27, 2023
org.xwiki.platform:xwiki-platform-logging-ui Eval Injection vulnerability Critical
CVE-2023-29213 was published for org.xwiki.platform:xwiki-platform-logging-ui (Maven) Apr 12, 2023
XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery Critical
CVE-2023-22457 was published for org.xwiki.contrib:application-ckeditor-ui (Maven) Jan 6, 2023
Tailscale Windows daemon is vulnerable to RCE via CSRF Critical
CVE-2022-41924 was published for tailscale.com (Go) Nov 21, 2022
emilytrau JJJollyjim
hod-alpert
Insufficient user input in Apache Jetspeed-2 Critical
CVE-2022-32533 was published for org.apache.portals.jetspeed-2:jetspeed-commons (Maven) Jul 7, 2022
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when... Critical Unreviewed
CVE-2022-1574 was published Jun 28, 2022
Power BI Report Server Spoofing Vulnerability Critical Unreviewed
CVE-2021-41372 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API