Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,049
Maven
5,000+
npm
4,787
NuGet
825
pip
4,384
Pub
12
RubyGems
988
Rust
1,144
Swift
50
Unreviewed advisories
All unreviewed
5,000+

8,594 advisories

Loading
Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history... High Unreviewed
CVE-2022-25268 was published Mar 25, 2022
Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & Video Slider (WordPress plugin)... Moderate Unreviewed
CVE-2022-25608 was published Mar 24, 2022
A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary... High Unreviewed
CVE-2021-40662 was published Mar 22, 2022
An issus was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can... Moderate Unreviewed
CVE-2021-43737 was published Mar 24, 2022
A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers... High Unreviewed
CVE-2022-24235 was published Mar 22, 2022
Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4. Moderate Unreviewed
CVE-2022-0515 was published Mar 22, 2022
The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting... Moderate Unreviewed
CVE-2022-0616 was published Mar 22, 2022
A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to... High Unreviewed
CVE-2022-27226 was published Mar 20, 2022
Predictable CSRF tokens in centreon/centreon Moderate
CVE-2021-28055 was published for centreon/centreon (Composer) Jun 8, 2021
Cross-site Request Forgery in fastify-csrf High
CVE-2020-28482 was published for fastify-csrf (npm) Jan 20, 2021
Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3... Moderate Unreviewed
CVE-2011-0440 was published May 17, 2022
Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration screen in wp... Moderate Unreviewed
CVE-2011-0760 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1... Moderate Unreviewed
CVE-2011-0629 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in news/admin.php in N-13 News 3.4, 3.7, and 4.0... Moderate Unreviewed
CVE-2011-0642 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in admin/conf_users_edit.php in PHP Link... Moderate Unreviewed
CVE-2011-0643 was published May 17, 2022
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site... High Unreviewed
CVE-2022-22346 was published Mar 15, 2022
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse... Low Unreviewed
CVE-2022-22348 was published Mar 15, 2022
An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally... High Unreviewed
CVE-2021-45886 was published Mar 14, 2022
Cross Site Request Forgery in mailman High
CVE-2021-44227 was published for mailman (pip) Dec 16, 2021
Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs,... Moderate Unreviewed
CVE-2022-26101 was published Mar 11, 2022
CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials Moderate
CVE-2022-25212 was published for org.continuousassurance.swamp.jenkins:swamp (Maven) Feb 16, 2022
NotMyFault Credited to NotMyFault
Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin Moderate
CVE-2023-24437 was published for org.jenkins-ci.plugins:jira-steps (Maven) Jan 26, 2023
The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions... Moderate Unreviewed
CVE-2023-0403 was published Jan 19, 2023
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function... High Unreviewed
CVE-2019-13477 was published May 24, 2022
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints High
CVE-2022-43719 was published for apache-superset (pip) Jan 16, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database