GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,239
Erlang: 31
GitHub Actions: 21
Go: 2,007
Maven: 5,000+
npm: 3,716
NuGet: 662
pip: 3,388
Pub: 11
RubyGems: 885
Rust: 851
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,397 advisories
The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper...
High, Unreviewed, CVE-2022-0229 was published Mar 22, 2022

BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).
High, Unreviewed, CVE-2022-23349 was published Mar 22, 2022

A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary...
High, Unreviewed, CVE-2021-40662 was published Mar 22, 2022

A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to...
High, Unreviewed, CVE-2022-27226 was published Mar 20, 2022

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site...
High, Unreviewed, CVE-2022-22346 was published Mar 15, 2022

An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally...
High, Unreviewed, CVE-2021-45886 was published Mar 14, 2022

Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and...
High, Unreviewed, CVE-2022-25600 was published Mar 12, 2022

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the ...
High, Unreviewed, CVE-2022-0439 was published Mar 8, 2022

Chained Cross Site Request Forgery (CSRF) with Reflected Cross Site Scripting (XSS) vulnerability...
High, Unreviewed, CVE-2021-46380 was published Mar 5, 2022

The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled...
High, Unreviewed, CVE-2021-24823 was published Mar 1, 2022

In the Orange Form WordPress plugin through 1.0, the process_bulk_action() function in "admin...
High, Unreviewed, CVE-2021-24704 was published Mar 1, 2022

The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in...
High, Unreviewed, CVE-2021-24803 was published Mar 1, 2022

In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.
High, Unreviewed, CVE-2022-24342 was published Feb 26, 2022

A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware...
High, Unreviewed, CVE-2021-4030 was published Feb 25, 2022

The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert...
High, Unreviewed, CVE-2022-0134 was published Feb 22, 2022

Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in...
High, Unreviewed, CVE-2022-23983 was published Feb 22, 2022

In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request...
High, Unreviewed, CVE-2022-25241 was published Feb 17, 2022

In FileCloud before 21.3, file upload is not protected against Cross-Site Request Forgery (CSRF).
High, Unreviewed, CVE-2022-25242 was published Feb 17, 2022

YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add
High, Unreviewed, CVE-2022-23384 was published Feb 16, 2022

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
High, Unreviewed, CVE-2022-0196 was published Feb 11, 2022

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
High, Unreviewed, CVE-2022-0197 was published Feb 11, 2022

A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows...
High, Unreviewed, CVE-2021-45268 was published Feb 11, 2022

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that...
High, Unreviewed, CVE-2020-7534 was published Feb 11, 2022

A CWE-942: Permissive Cross-domain Policy with Untrusted Domains vulnerability exists that could...
High, Unreviewed, CVE-2022-22808 was published Feb 11, 2022

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to...
High, Unreviewed, CVE-2022-22811 was published Feb 11, 2022

ProTip! Advisories are also available from the GraphQL API