Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

3,252 advisories

Loading
The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 lacks authorization... Moderate Unreviewed
CVE-2022-0634 was published Apr 26, 2022
The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have... Moderate Unreviewed
CVE-2022-0398 was published Apr 26, 2022
The myCred WordPress plugin before 2.4.4 does not have authorisation and CSRF checks in its... Moderate Unreviewed
CVE-2022-1092 was published Apr 26, 2022
A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly... Moderate Unreviewed
CVE-2011-3609 was published Apr 22, 2022
A vulnerability in the web-based management interface of Cisco Unified Communications Manager ... Moderate Unreviewed
CVE-2022-20787 was published Apr 22, 2022
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an... Moderate Unreviewed
CVE-2022-23975 was published Apr 19, 2022
The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when... Moderate Unreviewed
CVE-2022-0707 was published Apr 19, 2022
The Autolinks WordPress plugin through 1.0.1 does not have CSRF check in place when updating its... Moderate Unreviewed
CVE-2022-1112 was published Apr 19, 2022
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could... Moderate Unreviewed
CVE-2022-20735 was published Apr 16, 2022
Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker... Moderate Unreviewed
CVE-2022-27851 was published Apr 16, 2022
Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an... Moderate Unreviewed
CVE-2022-27850 was published Apr 16, 2022
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages. Moderate Unreviewed
CVE-2022-26589 was published Apr 14, 2022
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site... Moderate Unreviewed
CVE-2022-22959 was published Apr 14, 2022
Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress... Moderate Unreviewed
CVE-2022-27846 was published Apr 14, 2022
Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress... Moderate Unreviewed
CVE-2022-27847 was published Apr 14, 2022
Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS)... Moderate Unreviewed
CVE-2021-36914 was published Apr 13, 2022
CSRF vulnerability in Jenkins Subversion Plugin Moderate
CVE-2022-29048 was published for org.jenkins-ci.plugins:subversion (Maven) Apr 13, 2022
NotMyFault
An issue was discovered in baijiacms v4. There is a CSRF vulnerability that can modify the store... Moderate Unreviewed
CVE-2021-34250 was published Apr 12, 2022
The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data,... Moderate Unreviewed
CVE-2022-0914 was published Apr 12, 2022
Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress... Moderate Unreviewed
CVE-2022-25614 was published Apr 12, 2022
Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress... Moderate Unreviewed
CVE-2022-25615 was published Apr 12, 2022
A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary... Moderate Unreviewed
CVE-2022-26588 was published Apr 9, 2022
The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating... Moderate Unreviewed
CVE-2022-0830 was published Apr 5, 2022
CSRF vulnerability in Jenkins RocketChat Notifier Plugin Moderate
CVE-2022-28138 was published for org.jenkins-ci.plugins:rocketchatnotifier (Maven) Mar 30, 2022
NotMyFault
CSRF vulnerability in Proxmox Plugin Moderate
CVE-2022-28143 was published for org.jenkins-ci.plugins:proxmox (Maven) Mar 30, 2022
ProTip! Advisories are also available from the GraphQL API