Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,706 advisories

Loading
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V,... High Unreviewed
CVE-2022-25754 was published Apr 13, 2022
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager... High Unreviewed
CVE-2021-32162 was published Apr 12, 2022
qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI. High Unreviewed
CVE-2022-26180 was published Apr 9, 2022
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery ... High Unreviewed
CVE-2022-36546 was published Aug 27, 2022
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3,... High Unreviewed
CVE-2020-4668 was published Apr 9, 2022
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800... High Unreviewed
CVE-2022-20774 was published Apr 7, 2022
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password... High Unreviewed
CVE-2022-27432 was published Mar 31, 2022
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. Logged in administrators... High Unreviewed
CVE-2021-44312 was published Mar 31, 2022
The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in... High Unreviewed
CVE-2022-0770 was published Mar 29, 2022
The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when... High Unreviewed
CVE-2022-0499 was published Mar 29, 2022
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE... High Unreviewed
CVE-2022-0427 was published Mar 29, 2022
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). High Unreviewed
CVE-2022-23349 was published Mar 22, 2022
An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can that... High Unreviewed
CVE-2021-43738 was published Mar 24, 2022
TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is... High Unreviewed
CVE-2022-25523 was published Mar 26, 2022
Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history... High Unreviewed
CVE-2022-25268 was published Mar 25, 2022
A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary... High Unreviewed
CVE-2021-40662 was published Mar 22, 2022
A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers... High Unreviewed
CVE-2022-24235 was published Mar 22, 2022
A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to... High Unreviewed
CVE-2022-27226 was published Mar 20, 2022
Cross-site Request Forgery in fastify-csrf High
CVE-2020-28482 was published for fastify-csrf (npm) Jan 20, 2021
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site... High Unreviewed
CVE-2022-22346 was published Mar 15, 2022
An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally... High Unreviewed
CVE-2021-45886 was published Mar 14, 2022
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and... High Unreviewed
CVE-2022-25600 was published Mar 12, 2022
Cross Site Request Forgery in mailman High
CVE-2021-44227 was published for mailman (pip) Dec 16, 2021
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function... High Unreviewed
CVE-2019-13477 was published May 24, 2022
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints High
CVE-2022-43719 was published for apache-superset (pip) Jan 16, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database