Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,601 advisories

Loading
Cross-Site Request Forgery in XXL-Job High
CVE-2022-29002 was published for com.xuxueli:xxl-job (Maven) May 24, 2022
Cross-Site Request Forgery in Jolokia High
CVE-2018-10899 was published for org.jolokia:jolokia-core (Maven) May 24, 2022
Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notification E-mails plugin <= 1... High Unreviewed
CVE-2022-34654 was published Nov 28, 2022
Cross-Site Request Forgery in Jenkins Git Plugin High
CVE-2017-1000092 was published for org.jenkins-ci.plugins:git (Maven) May 17, 2022
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which... High Unreviewed
CVE-2021-38886 was published Apr 23, 2022
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the... High Unreviewed
CVE-2022-27375 was published Apr 26, 2022
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the... High Unreviewed
CVE-2022-27374 was published Apr 26, 2022
All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf... High Unreviewed
CVE-2021-32929 was published Apr 23, 2022
Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected... High Unreviewed
CVE-2022-28109 was published Apr 16, 2022
Cross Site Request Forgery in Mingsoft MCMS High
CVE-2022-27340 was published for net.mingsoft:ms-mcms (Maven) Apr 23, 2022
Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions,... High Unreviewed
CVE-2022-27629 was published Apr 21, 2022
Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as... High Unreviewed
CVE-2022-28108 was published Apr 20, 2022
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an... High Unreviewed
CVE-2022-23976 was published Apr 19, 2022
The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via... High Unreviewed
CVE-2021-4096 was published Apr 20, 2022
A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron... High Unreviewed
CVE-2021-32156 was published Apr 12, 2022
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and... High Unreviewed
CVE-2021-32159 was published Apr 12, 2022
The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could... High Unreviewed
CVE-2022-0141 was published Apr 13, 2022
CSRF vulnerability in Jenkins Publish Over FTP Plugin High
CVE-2022-29050 was published for org.jenkins-ci.plugins:publish-over-ftp (Maven) Apr 13, 2022
westonsteimel
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V,... High Unreviewed
CVE-2022-25754 was published Apr 13, 2022
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager... High Unreviewed
CVE-2021-32162 was published Apr 12, 2022
qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI. High Unreviewed
CVE-2022-26180 was published Apr 9, 2022
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery ... High Unreviewed
CVE-2022-36546 was published Aug 27, 2022
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3,... High Unreviewed
CVE-2020-4668 was published Apr 9, 2022
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800... High Unreviewed
CVE-2022-20774 was published Apr 7, 2022
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password... High Unreviewed
CVE-2022-27432 was published Mar 31, 2022
ProTip! Advisories are also available from the GraphQL API