Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,049
Erlang
29
GitHub Actions
18
Go
1,871
Maven
5,000+
npm
3,597
NuGet
638
pip
3,198
Pub
10
RubyGems
852
Rust
809
Swift
35
Unreviewed advisories
All unreviewed
5,000+

5,948 advisories

Cross-Site Request Forgery in Jenkins P4 Plugin High
CVE-2021-21655 was published for org.jenkins-ci.plugins:p4 (Maven) Mar 18, 2022
NotMyFault
CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin High
CVE-2022-27198 was published for org.jenkins-ci.plugins:aws-credentials (Maven) Mar 16, 2022
NotMyFault
CSRF vulnerability and missing permission checks in Jenkins Extended Choice Parameter Plugin allow SSRF Moderate
CVE-2022-27204 was published for org.jenkins-ci.plugins:extended-choice-parameter (Maven) Mar 16, 2022
NotMyFault
CSRF vulnerability in Jenkins Release Helper Plugin Moderate
CVE-2022-27214 was published for org.jenkins-ci.plugins:release-helper (Maven) Mar 16, 2022
NotMyFault
CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials High
CVE-2022-27210 was published for org.jenkins-ci.plugins:kubernetes-cd (Maven) Mar 16, 2022
NotMyFault
The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or... Moderate Unreviewed
CVE-2022-22734 was published Mar 15, 2022
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site... High Unreviewed
CVE-2022-22346 was published Mar 15, 2022
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse... Low Unreviewed
CVE-2022-22348 was published Mar 15, 2022
An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally... High Unreviewed
CVE-2021-45886 was published Mar 14, 2022
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and... High Unreviewed
CVE-2022-25600 was published Mar 12, 2022
Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs,... Moderate Unreviewed
CVE-2022-26101 was published Mar 11, 2022
The Pricing Tables WordPress Plugin WordPress plugin before 3.1.3 does not verify the CSRF nonce... Moderate Unreviewed
CVE-2021-25098 was published Mar 8, 2022
The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the ... High Unreviewed
CVE-2022-0439 was published Mar 8, 2022
The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before... Moderate Unreviewed
CVE-2022-0445 was published Mar 8, 2022
Cross Site Request Forgery in intelliants/subrion High
CVE-2020-18326 was published for intelliants/subrion (Composer) Mar 5, 2022
Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF),... Moderate Unreviewed
CVE-2021-44321 was published Mar 5, 2022
Chained Cross Site Request Forgery (CSRF) with Reflected Cross Site Scripting (XSS) vulnerability... High Unreviewed
CVE-2021-46380 was published Mar 5, 2022
PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an... Moderate Unreviewed
CVE-2022-23052 was published Mar 4, 2022
Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4 Moderate
CVE-2022-24712 was published for codeigniter4/framework (Composer) Mar 1, 2022
The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in... Moderate Unreviewed
CVE-2021-24688 was published Mar 1, 2022
In the Orange Form WordPress plugin through 1.0, the process_bulk_action() function in "admin... High Unreviewed
CVE-2021-24704 was published Mar 1, 2022
The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled... High Unreviewed
CVE-2021-24823 was published Mar 1, 2022
The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in... High Unreviewed
CVE-2021-24803 was published Mar 1, 2022
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and... Moderate Unreviewed
CVE-2021-24730 was published Mar 1, 2022
The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have CSRF check in the... Moderate Unreviewed
CVE-2021-24913 was published Mar 1, 2022
ProTip! Advisories are also available from the GraphQL API