Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,049
Erlang
29
GitHub Actions
18
Go
1,871
Maven
5,000+
npm
3,597
NuGet
638
pip
3,198
Pub
10
RubyGems
852
Rust
809
Swift
35
Unreviewed advisories
All unreviewed
5,000+

5,948 advisories

CSRF vulnerability in Jenkins RocketChat Notifier Plugin Moderate
CVE-2022-28138 was published for org.jenkins-ci.plugins:rocketchatnotifier (Maven) Mar 30, 2022
NotMyFault
CSRF vulnerability and missing permission check in Jenkins JiraTestResultReporter Plugin High
CVE-2022-28136 was published for org.jenkins-ci.plugins:JiraTestResultReporter (Maven) Mar 30, 2022
NotMyFault
CSRF vulnerability in Proxmox Plugin Moderate
CVE-2022-28143 was published for org.jenkins-ci.plugins:proxmox (Maven) Mar 30, 2022
Cross site request forgery in Jenkins Job and Node ownership Plugin High
CVE-2022-28150 was published for com.synopsys.jenkinsci:ownership (Maven) Mar 30, 2022
NotMyFault
CSRF vulnerability in Jenkins Job and Node ownership Plugin Moderate
CVE-2022-28152 was published for com.synopsys.jenkinsci:ownership (Maven) Mar 30, 2022
NotMyFault
The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related... Moderate Unreviewed
CVE-2021-24978 was published Mar 29, 2022
The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when... High Unreviewed
CVE-2022-0499 was published Mar 29, 2022
The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in... High Unreviewed
CVE-2022-0770 was published Mar 29, 2022
The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of... Moderate Unreviewed
CVE-2022-0833 was published Mar 29, 2022
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE... High Unreviewed
CVE-2022-0427 was published Mar 29, 2022
Cross-Site Request Forgery in Anchor CMS Moderate
CVE-2022-25576 was published for anchorcms/anchor-cms (Composer) Mar 26, 2022
TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is... High Unreviewed
CVE-2022-25523 was published Mar 26, 2022
Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history... High Unreviewed
CVE-2022-25268 was published Mar 25, 2022
An issus was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can... Moderate Unreviewed
CVE-2021-43737 was published Mar 24, 2022
An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can that... High Unreviewed
CVE-2021-43738 was published Mar 24, 2022
Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & Video Slider (WordPress plugin)... Moderate Unreviewed
CVE-2022-25608 was published Mar 24, 2022
A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers... High Unreviewed
CVE-2022-24235 was published Mar 22, 2022
The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF... High Unreviewed
CVE-2021-24905 was published Mar 22, 2022
Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4. Moderate Unreviewed
CVE-2022-0515 was published Mar 22, 2022
The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper... High Unreviewed
CVE-2022-0229 was published Mar 22, 2022
The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when... Moderate Unreviewed
CVE-2022-0681 was published Mar 22, 2022
The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting... Moderate Unreviewed
CVE-2022-0616 was published Mar 22, 2022
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). High Unreviewed
CVE-2022-23349 was published Mar 22, 2022
A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary... High Unreviewed
CVE-2021-40662 was published Mar 22, 2022
A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to... High Unreviewed
CVE-2022-27226 was published Mar 20, 2022
ProTip! Advisories are also available from the GraphQL API