GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
5,973 advisories
Filter by severity
Cross-Site Request Forgery (CSRF) in livehelperchat
Moderate
CVE-2022-0231
was published
for
remdex/livehelperchat
(Composer)
Jan 26, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat
Moderate
CVE-2022-0226
was published
for
remdex/livehelperchat
(Composer)
Jan 26, 2022
The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which...
High
Unreviewed
CVE-2021-24696
was published
Jan 25, 2022
The WP Extra File Types WordPress plugin before 0.5.1 does not have CSRF check when saving its...
High
Unreviewed
CVE-2021-24936
was published
Jan 25, 2022
The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the...
Moderate
Unreviewed
CVE-2021-24968
was published
Jan 25, 2022
The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place...
Moderate
Unreviewed
CVE-2021-24989
was published
Jan 25, 2022
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the...
Moderate
Unreviewed
CVE-2021-25013
was published
Jan 25, 2022
The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various action, for example...
High
Unreviewed
CVE-2021-25073
was published
Jan 25, 2022
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)
High
CVE-2021-4164
was published
for
calibreweb
(pip)
Jan 21, 2022
Cross-Site Request Forgery in Jenkins
Moderate
CVE-2022-20612
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jan 21, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
Moderate
CVE-2022-0245
was published
for
livehelperchat/livehelperchat
(Composer)
Jan 21, 2022
mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The...
Moderate
Unreviewed
CVE-2021-46027
was published
Jan 21, 2022
In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The...
Moderate
Unreviewed
CVE-2021-46028
was published
Jan 21, 2022
Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries...
Moderate
Unreviewed
CVE-2021-44777
was published
Jan 20, 2022
The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing...
High
Unreviewed
CVE-2021-43353
was published
Jan 19, 2022
An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5,...
High
Unreviewed
CVE-2022-0154
was published
Jan 19, 2022
The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart...
High
Unreviewed
CVE-2022-0215
was published
Jan 19, 2022
Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7...
High
Unreviewed
CVE-2022-0180
was published
Jan 18, 2022
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF...
Moderate
Unreviewed
CVE-2021-25025
was published
Jan 18, 2022
Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Everywhere (WordPress plugin)...
High
Unreviewed
CVE-2021-23227
was published
Jan 14, 2022
SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the...
High
Unreviewed
CVE-2021-41597
was published
Jan 13, 2022
Cross-Site Request Forgery in Jenkins Mailer Plugin
Moderate
CVE-2022-20613
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
Jan 13, 2022
Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin
High
CVE-2022-20619
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jan 13, 2022
CSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin
Moderate
CVE-2022-23111
was published
for
org.jenkins-ci.plugins:publish-over-ssh
(Maven)
Jan 13, 2022
CSRF vulnerability in Jenkins batch task Plugin
Moderate
CVE-2022-23115
was published
for
org.jenkins-ci.plugins:batch-task
(Maven)
Jan 13, 2022
ProTip!
Advisories are also available from the
GraphQL API