GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,601 advisories
Cross-Site Request Forgery in XXL-Job
High | CVE-2022-29002 was published for com.xuxueli:xxl-job (Maven) May 24, 2022

Cross-Site Request Forgery in Jolokia
High | CVE-2018-10899 was published for org.jolokia:jolokia-core (Maven) May 24, 2022

Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notification E-mails plugin <= 1...
High | Unreviewed | CVE-2022-34654 was published Nov 28, 2022

Cross-Site Request Forgery in Jenkins Git Plugin
High | CVE-2017-1000092 was published for org.jenkins-ci.plugins:git (Maven) May 17, 2022

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which...
High | Unreviewed | CVE-2021-38886 was published Apr 23, 2022

Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the...
High | Unreviewed | CVE-2022-27375 was published Apr 26, 2022

Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the...
High | Unreviewed | CVE-2022-27374 was published Apr 26, 2022

All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf...
High | Unreviewed | CVE-2021-32929 was published Apr 23, 2022

Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected...
High | Unreviewed | CVE-2022-28109 was published Apr 16, 2022

Cross Site Request Forgery in Mingsoft MCMS
High | CVE-2022-27340 was published for net.mingsoft:ms-mcms (Maven) Apr 23, 2022

Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions,...
High | Unreviewed | CVE-2022-27629 was published Apr 21, 2022

Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as...
High | Unreviewed | CVE-2022-28108 was published Apr 20, 2022

Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an...
High | Unreviewed | CVE-2022-23976 was published Apr 19, 2022

The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via...
High | Unreviewed | CVE-2021-4096 was published Apr 20, 2022

A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron...
High | Unreviewed | CVE-2021-32156 was published Apr 12, 2022

A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and...
High | Unreviewed | CVE-2021-32159 was published Apr 12, 2022

The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could...
High | Unreviewed | CVE-2022-0141 was published Apr 13, 2022

CSRF vulnerability in Jenkins Publish Over FTP Plugin
High | CVE-2022-29050 was published for org.jenkins-ci.plugins:publish-over-ftp (Maven) Apr 13, 2022

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V,...
High | Unreviewed | CVE-2022-25754 was published Apr 13, 2022

A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager...
High | Unreviewed | CVE-2021-32162 was published Apr 12, 2022

qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI.
High | Unreviewed | CVE-2022-26180 was published Apr 9, 2022

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery ...
High | Unreviewed | CVE-2022-36546 was published Aug 27, 2022

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3,...
High | Unreviewed | CVE-2020-4668 was published Apr 9, 2022

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800...
High | Unreviewed | CVE-2022-20774 was published Apr 7, 2022

A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password...
High | Unreviewed | CVE-2022-27432 was published Mar 31, 2022