Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

5,973 advisories

Loading
The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when... Moderate Unreviewed
CVE-2021-24683 was published May 24, 2022
Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2... Moderate Unreviewed
CVE-2021-36890 was published Jun 3, 2022
The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting... Moderate Unreviewed
CVE-2021-24434 was published May 24, 2022
Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x... Moderate Unreviewed
CVE-2008-6532 was published May 17, 2022
Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices with Firmware Version before 2... High Unreviewed
CVE-2017-10677 was published May 17, 2022
tnftpd before 20080929 splits large command strings into multiple commands, which allows remote... Moderate Unreviewed
CVE-2008-7016 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a and earlier allows remote... Moderate Unreviewed
CVE-2008-7204 was published May 17, 2022
D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability.... High Unreviewed
CVE-2017-7398 was published May 17, 2022
HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges. High Unreviewed
CVE-2017-7446 was published May 17, 2022
Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara before 1.0.15, 1.1.x before... Moderate Unreviewed
CVE-2010-1668 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in OpenEdit Digital Asset Management (DAM) before... Moderate Unreviewed
CVE-2008-6239 was published May 17, 2022
Multiple cross-site request forgery (CSRF) vulnerabilities in Streber before 0.08093 allow remote... Moderate Unreviewed
CVE-2008-6331 was published May 17, 2022
IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerable to cross-site request... High Unreviewed
CVE-2022-22479 was published Jun 11, 2022
A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via... High Unreviewed
CVE-2021-44117 was published Jun 11, 2022
The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions,... Moderate Unreviewed
CVE-2022-1424 was published Jun 9, 2022
The LiveSync for WordPress plugin through 1.0 does not have CSRF check in place when updating its... Moderate Unreviewed
CVE-2022-1712 was published Jun 9, 2022
A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote... Moderate Unreviewed
CVE-2022-30898 was published Jun 10, 2022
Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and possibly earlier, allows... Moderate Unreviewed
CVE-2010-2345 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows... Moderate Unreviewed
CVE-2008-6832 was published May 17, 2022
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute... High Unreviewed
CVE-2022-29735 was published Jun 3, 2022
Cross Site Request Forgery in Mingsoft MCMS High
CVE-2022-29647 was published for net.mingsoft:ms-mcms (Maven) Jun 3, 2022
Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 allows remote attackers to... Moderate Unreviewed
CVE-2010-1611 was published May 17, 2022
Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an... Moderate Unreviewed
CVE-2022-45130 was published Nov 10, 2022
IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19... Moderate Unreviewed
CVE-2022-22361 was published Jun 1, 2022
The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation... High Unreviewed
CVE-2022-1611 was published May 31, 2022
ProTip! Advisories are also available from the GraphQL API