GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,071
Erlang: 29
GitHub Actions: 19
Go: 1,893
Maven: 5,000+
npm: 3,630
NuGet: 638
pip: 3,243
Pub: 10
RubyGems: 862
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
2,900 advisories
Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007...
Moderate | Unreviewed | CVE-2010-3213 was published May 17, 2022
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an...
Moderate | Unreviewed | CVE-2022-23975 was published Apr 19, 2022
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could...
Moderate | Unreviewed | CVE-2022-20735 was published Apr 16, 2022
Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an...
Moderate | Unreviewed | CVE-2022-27850 was published Apr 16, 2022
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages.
Moderate | Unreviewed | CVE-2022-26589 was published Apr 14, 2022
Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker...
Moderate | Unreviewed | CVE-2022-27851 was published Apr 16, 2022
The Autolinks WordPress plugin through 1.0.1 does not have CSRF check in place when updating its...
Moderate | Unreviewed | CVE-2022-1112 was published Apr 19, 2022
The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when...
Moderate | Unreviewed | CVE-2022-0707 was published Apr 19, 2022
Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in...
Moderate | Unreviewed | CVE-2010-3024 was published May 17, 2022
A vulnerability in the web-based management interface of Cisco Unified Communications Manager ...
Moderate | Unreviewed | CVE-2022-20787 was published Apr 22, 2022
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in...
Moderate | Unreviewed | CVE-2021-24805 was published Apr 26, 2022
Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function...
Moderate | Unreviewed | CVE-2022-44937 was published Nov 28, 2022
The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to,...
Moderate | Unreviewed | CVE-2022-3747 was published Nov 29, 2022
The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate | Unreviewed | CVE-2022-3898 was published Nov 29, 2022
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.
Moderate | Unreviewed | CVE-2020-28040 was published May 24, 2022
The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and...
Moderate | Unreviewed | CVE-2020-35773 was published May 24, 2022
The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and...
Moderate | Unreviewed | CVE-2021-24822 was published Nov 30, 2021
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. CSRF can...
Moderate | Unreviewed | CVE-2020-25252 was published May 24, 2022
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and...
Moderate | Unreviewed | CVE-2021-24730 was published Mar 1, 2022
The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation...
Moderate | Unreviewed | CVE-2021-24836 was published Dec 14, 2021
NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by...
Moderate | Unreviewed | CVE-2020-23376 was published May 24, 2022
The Entity Embed module provides a filter to allow embedding entities in content fields. In...
Moderate | Unreviewed | CVE-2020-13673 was published Feb 12, 2022
Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows...
Moderate | Unreviewed | CVE-2010-2039 was published May 17, 2022
Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification...
Moderate | Unreviewed | CVE-2021-21729 was published May 24, 2022
Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF)...
Moderate | Unreviewed | CVE-2021-25327 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API