Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,049
Erlang
29
GitHub Actions
18
Go
1,871
Maven
5,000+
npm
3,597
NuGet
638
pip
3,198
Pub
10
RubyGems
852
Rust
809
Swift
35
Unreviewed advisories
All unreviewed
5,000+

5,948 advisories

Cross Site Request Forgery in Gitea High
CVE-2021-45326 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
The MAZ Loader WordPress plugin through 1.3.4 does not enforce nonce checks, which allows... Moderate Unreviewed
CVE-2021-24668 was published Feb 8, 2022
BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full... Critical Unreviewed
CVE-2021-31589 was published Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CRSF checks in its... Moderate Unreviewed
CVE-2021-24839 was published Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsc_tickets AJAX... Moderate Unreviewed
CVE-2021-24843 was published Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsc_tickets AJAX... High Unreviewed
CVE-2021-24879 was published Feb 8, 2022
The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF... Moderate Unreviewed
CVE-2021-24993 was published Feb 8, 2022
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and... Moderate Unreviewed
CVE-2021-24947 was published Feb 8, 2022
The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and... High Unreviewed
CVE-2021-25095 was published Feb 8, 2022
The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the... Moderate Unreviewed
CVE-2021-25108 was published Feb 8, 2022
Cross-Site Request Forgery in Filebrowser High
CVE-2021-46398 was published for github.com/filebrowser/filebrowser/v2 (Go) Feb 5, 2022
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could... High Unreviewed
CVE-2021-39044 was published Feb 3, 2022
The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF... High Unreviewed
CVE-2021-24763 was published Feb 2, 2022
The Error Log Viewer WordPress plugin through 1.1.1 does not perform nonce check when deleting a... Moderate Unreviewed
CVE-2021-24761 was published Feb 2, 2022
The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF... Moderate Unreviewed
CVE-2021-25072 was published Feb 2, 2022
The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library... Moderate Unreviewed
CVE-2021-25092 was published Feb 2, 2022
The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in... Moderate Unreviewed
CVE-2021-25097 was published Feb 2, 2022
CSRF token missing in Symfony High
CVE-2022-23601 was published for symfony/framework-bundle (Composer) Feb 1, 2022
jderusse nexxome
ovrflo
A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to... High Unreviewed
CVE-2021-22724 was published Jan 29, 2022
A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to... High Unreviewed
CVE-2021-22725 was published Jan 29, 2022
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey (CSRF) via the component ... High Unreviewed
CVE-2022-23888 was published Jan 29, 2022
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers... Moderate Unreviewed
CVE-2022-23887 was published Jan 29, 2022
Cross Site Request Forgery in Moodle High
CVE-2022-0335 was published for moodle/moodle (Composer) Jan 28, 2022
Cross-Site Request Forgery in yetiforce High
CVE-2022-0269 was published for yetiforce/yetiforce-crm (Composer) Jan 27, 2022
SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public... High Unreviewed
CVE-2021-44122 was published Jan 27, 2022
ProTip! Advisories are also available from the GraphQL API