GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,252 advisories
Filter by severity
The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 lacks authorization...
Moderate
Unreviewed
CVE-2022-0634
was published
Apr 26, 2022
The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have...
Moderate
Unreviewed
CVE-2022-0398
was published
Apr 26, 2022
The myCred WordPress plugin before 2.4.4 does not have authorisation and CSRF checks in its...
Moderate
Unreviewed
CVE-2022-1092
was published
Apr 26, 2022
A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly...
Moderate
Unreviewed
CVE-2011-3609
was published
Apr 22, 2022
A vulnerability in the web-based management interface of Cisco Unified Communications Manager ...
Moderate
Unreviewed
CVE-2022-20787
was published
Apr 22, 2022
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an...
Moderate
Unreviewed
CVE-2022-23975
was published
Apr 19, 2022
The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when...
Moderate
Unreviewed
CVE-2022-0707
was published
Apr 19, 2022
The Autolinks WordPress plugin through 1.0.1 does not have CSRF check in place when updating its...
Moderate
Unreviewed
CVE-2022-1112
was published
Apr 19, 2022
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could...
Moderate
Unreviewed
CVE-2022-20735
was published
Apr 16, 2022
Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker...
Moderate
Unreviewed
CVE-2022-27851
was published
Apr 16, 2022
Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an...
Moderate
Unreviewed
CVE-2022-27850
was published
Apr 16, 2022
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages.
Moderate
Unreviewed
CVE-2022-26589
was published
Apr 14, 2022
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site...
Moderate
Unreviewed
CVE-2022-22959
was published
Apr 14, 2022
Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress...
Moderate
Unreviewed
CVE-2022-27846
was published
Apr 14, 2022
Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress...
Moderate
Unreviewed
CVE-2022-27847
was published
Apr 14, 2022
Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS)...
Moderate
Unreviewed
CVE-2021-36914
was published
Apr 13, 2022
CSRF vulnerability in Jenkins Subversion Plugin
Moderate
CVE-2022-29048
was published
for
org.jenkins-ci.plugins:subversion
(Maven)
Apr 13, 2022
An issue was discovered in baijiacms v4. There is a CSRF vulnerability that can modify the store...
Moderate
Unreviewed
CVE-2021-34250
was published
Apr 12, 2022
The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data,...
Moderate
Unreviewed
CVE-2022-0914
was published
Apr 12, 2022
Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress...
Moderate
Unreviewed
CVE-2022-25614
was published
Apr 12, 2022
Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress...
Moderate
Unreviewed
CVE-2022-25615
was published
Apr 12, 2022
A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary...
Moderate
Unreviewed
CVE-2022-26588
was published
Apr 9, 2022
The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating...
Moderate
Unreviewed
CVE-2022-0830
was published
Apr 5, 2022
CSRF vulnerability in Jenkins RocketChat Notifier Plugin
Moderate
CVE-2022-28138
was published
for
org.jenkins-ci.plugins:rocketchatnotifier
(Maven)
Mar 30, 2022
CSRF vulnerability in Proxmox Plugin
Moderate
CVE-2022-28143
was published
for
org.jenkins-ci.plugins:proxmox
(Maven)
Mar 30, 2022
ProTip!
Advisories are also available from the
GraphQL API