Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,049
Erlang
29
GitHub Actions
18
Go
1,871
Maven
5,000+
npm
3,597
NuGet
638
pip
3,198
Pub
10
RubyGems
852
Rust
809
Swift
35
Unreviewed advisories
All unreviewed
5,000+

5,948 advisories

Cross-Site Request Forgery (CSRF) in livehelperchat Moderate
CVE-2022-0231 was published for remdex/livehelperchat (Composer) Jan 26, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat Moderate
CVE-2022-0226 was published for remdex/livehelperchat (Composer) Jan 26, 2022
The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which... High Unreviewed
CVE-2021-24696 was published Jan 25, 2022
The WP Extra File Types WordPress plugin before 0.5.1 does not have CSRF check when saving its... High Unreviewed
CVE-2021-24936 was published Jan 25, 2022
The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the... Moderate Unreviewed
CVE-2021-24968 was published Jan 25, 2022
The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place... Moderate Unreviewed
CVE-2021-24989 was published Jan 25, 2022
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the... Moderate Unreviewed
CVE-2021-25013 was published Jan 25, 2022
The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various action, for example... High Unreviewed
CVE-2021-25073 was published Jan 25, 2022
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2021-4164 was published for calibreweb (pip) Jan 21, 2022
Cross-Site Request Forgery in Jenkins Moderate
CVE-2022-20612 was published for org.jenkins-ci.main:jenkins-core (Maven) Jan 21, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat Moderate
CVE-2022-0245 was published for livehelperchat/livehelperchat (Composer) Jan 21, 2022
mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The... Moderate Unreviewed
CVE-2021-46027 was published Jan 21, 2022
In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The... Moderate Unreviewed
CVE-2021-46028 was published Jan 21, 2022
Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries... Moderate Unreviewed
CVE-2021-44777 was published Jan 20, 2022
The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing... High Unreviewed
CVE-2021-43353 was published Jan 19, 2022
An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5,... High Unreviewed
CVE-2022-0154 was published Jan 19, 2022
The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart... High Unreviewed
CVE-2022-0215 was published Jan 19, 2022
Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7... High Unreviewed
CVE-2022-0180 was published Jan 18, 2022
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF... Moderate Unreviewed
CVE-2021-25025 was published Jan 18, 2022
Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Everywhere (WordPress plugin)... High Unreviewed
CVE-2021-23227 was published Jan 14, 2022
SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the... High Unreviewed
CVE-2021-41597 was published Jan 13, 2022
Cross-Site Request Forgery in Jenkins Mailer Plugin Moderate
CVE-2022-20613 was published for org.jenkins-ci.plugins:mailer (Maven) Jan 13, 2022
NotMyFault westonsteimel
Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin High
CVE-2022-20619 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jan 13, 2022
NotMyFault westonsteimel
CSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin Moderate
CVE-2022-23111 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven) Jan 13, 2022
NotMyFault
CSRF vulnerability in Jenkins batch task Plugin Moderate
CVE-2022-23115 was published for org.jenkins-ci.plugins:batch-task (Maven) Jan 13, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API