GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,069
Composer 4,071
Erlang 29
GitHub Actions 19
Go 1,893
Maven 5,095
npm 3,630
NuGet 638
pip 3,243
Pub 10
RubyGems 862
Rust 818
Swift 35

Unreviewed advisories

All unreviewed 228,378

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

2,900 advisories

Filter by severity

Sort by

Least recently updated

Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007... Moderate Unreviewed

CVE-2010-3213 was published May 17, 2022

Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an... Moderate Unreviewed

CVE-2022-23975 was published Apr 19, 2022

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could... Moderate Unreviewed

CVE-2022-20735 was published Apr 16, 2022

Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an... Moderate Unreviewed

CVE-2022-27850 was published Apr 16, 2022

A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages. Moderate Unreviewed

CVE-2022-26589 was published Apr 14, 2022

Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker... Moderate Unreviewed

CVE-2022-27851 was published Apr 16, 2022

The Autolinks WordPress plugin through 1.0.1 does not have CSRF check in place when updating its... Moderate Unreviewed

CVE-2022-1112 was published Apr 19, 2022

The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when... Moderate Unreviewed

CVE-2022-0707 was published Apr 19, 2022

Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in... Moderate Unreviewed

CVE-2010-3024 was published May 17, 2022

A vulnerability in the web-based management interface of Cisco Unified Communications Manager ... Moderate Unreviewed

CVE-2022-20787 was published Apr 22, 2022

The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in... Moderate Unreviewed

CVE-2021-24805 was published Apr 26, 2022

Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function... Moderate Unreviewed

CVE-2022-44937 was published Nov 28, 2022

The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to,... Moderate Unreviewed

CVE-2022-3747 was published Nov 29, 2022

The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed

CVE-2022-3898 was published Nov 29, 2022

WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. Moderate Unreviewed

CVE-2020-28040 was published May 24, 2022

The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and... Moderate Unreviewed

CVE-2020-35773 was published May 24, 2022

The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and... Moderate Unreviewed

CVE-2021-24822 was published Nov 30, 2021

An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. CSRF can... Moderate Unreviewed

CVE-2020-25252 was published May 24, 2022

The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and... Moderate Unreviewed

CVE-2021-24730 was published Mar 1, 2022

The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation... Moderate Unreviewed

CVE-2021-24836 was published Dec 14, 2021

NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by... Moderate Unreviewed

CVE-2020-23376 was published May 24, 2022

The Entity Embed module provides a filter to allow embedding entities in content fields. In... Moderate Unreviewed

CVE-2020-13673 was published Feb 12, 2022

Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows... Moderate Unreviewed

CVE-2010-2039 was published May 17, 2022

Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification... Moderate Unreviewed

CVE-2021-21729 was published May 24, 2022

Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF)... Moderate Unreviewed

CVE-2021-25327 was published May 24, 2022

Previous 1 2 3 4 5 … 115 116 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

2,900 advisories