GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
5,948 advisories

Cross-Site Request Forgery in Jenkins P4 Plugin
High | CVE-2021-21655 was published for org.jenkins-ci.plugins:p4 (Maven) | Mar 18, 2022

CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin
High | CVE-2022-27198 was published for org.jenkins-ci.plugins:aws-credentials (Maven) | Mar 16, 2022

CSRF vulnerability and missing permission checks in Jenkins Extended Choice Parameter Plugin allow SSRF
Moderate | CVE-2022-27204 was published for org.jenkins-ci.plugins:extended-choice-parameter (Maven) | Mar 16, 2022

CSRF vulnerability in Jenkins Release Helper Plugin
Moderate | CVE-2022-27214 was published for org.jenkins-ci.plugins:release-helper (Maven) | Mar 16, 2022

CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials
High | CVE-2022-27210 was published for org.jenkins-ci.plugins:kubernetes-cd (Maven) | Mar 16, 2022

The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or...
Moderate | Unreviewed | CVE-2022-22734 was published | Mar 15, 2022

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site...
High | Unreviewed | CVE-2022-22346 was published | Mar 15, 2022

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse...
Low | Unreviewed | CVE-2022-22348 was published | Mar 15, 2022

An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally...
High | Unreviewed | CVE-2021-45886 was published | Mar 14, 2022

Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and...
High | Unreviewed | CVE-2022-25600 was published | Mar 12, 2022

Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs,...
Moderate | Unreviewed | CVE-2022-26101 was published | Mar 11, 2022

The Pricing Tables WordPress Plugin WordPress plugin before 3.1.3 does not verify the CSRF nonce...
Moderate | Unreviewed | CVE-2021-25098 was published | Mar 8, 2022

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the ...
High | Unreviewed | CVE-2022-0439 was published | Mar 8, 2022

The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before...
Moderate | Unreviewed | CVE-2022-0445 was published | Mar 8, 2022

Cross Site Request Forgery in intelliants/subrion
High | CVE-2020-18326 was published for intelliants/subrion (Composer) | Mar 5, 2022

Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF),...
Moderate | Unreviewed | CVE-2021-44321 was published | Mar 5, 2022

Chained Cross Site Request Forgery (CSRF) with Reflected Cross Site Scripting (XSS) vulnerability...
High | Unreviewed | CVE-2021-46380 was published | Mar 5, 2022

PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an...
Moderate | Unreviewed | CVE-2022-23052 was published | Mar 4, 2022

Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4
Moderate | CVE-2022-24712 was published for codeigniter4/framework (Composer) | Mar 1, 2022

The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in...
Moderate | Unreviewed | CVE-2021-24688 was published | Mar 1, 2022

In the Orange Form WordPress plugin through 1.0, the process_bulk_action() function in "admin...
High | Unreviewed | CVE-2021-24704 was published | Mar 1, 2022

The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled...
High | Unreviewed | CVE-2021-24823 was published | Mar 1, 2022

The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in...
High | Unreviewed | CVE-2021-24803 was published | Mar 1, 2022

The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and...
Moderate | Unreviewed | CVE-2021-24730 was published | Mar 1, 2022

The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have CSRF check in the...
Moderate | Unreviewed | CVE-2021-24913 was published | Mar 1, 2022

ProTip! Advisories are also available from the GraphQL API.