GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
5,973 advisories
The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when...
Moderate
Unreviewed
CVE-2021-24683
was published
May 24, 2022
Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2...
Moderate
Unreviewed
CVE-2021-36890
was published
Jun 3, 2022
The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting...
Moderate
Unreviewed
CVE-2021-24434
was published
May 24, 2022
Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x...
Moderate
Unreviewed
CVE-2008-6532
was published
May 17, 2022
Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices with Firmware Version before 2...
High
Unreviewed
CVE-2017-10677
was published
May 17, 2022
tnftpd before 20080929 splits large command strings into multiple commands, which allows remote...
Moderate
Unreviewed
CVE-2008-7016
was published
May 17, 2022
Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a and earlier allows remote...
Moderate
Unreviewed
CVE-2008-7204
was published
May 17, 2022
D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability....
High
Unreviewed
CVE-2017-7398
was published
May 17, 2022
HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges.
High
Unreviewed
CVE-2017-7446
was published
May 17, 2022
Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara before 1.0.15, 1.1.x before...
Moderate
Unreviewed
CVE-2010-1668
was published
May 17, 2022
Cross-site request forgery (CSRF) vulnerability in OpenEdit Digital Asset Management (DAM) before...
Moderate
Unreviewed
CVE-2008-6239
was published
May 17, 2022
Multiple cross-site request forgery (CSRF) vulnerabilities in Streber before 0.08093 allow remote...
Moderate
Unreviewed
CVE-2008-6331
was published
May 17, 2022
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site request...
High
Unreviewed
CVE-2022-22479
was published
Jun 11, 2022
A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via...
High
Unreviewed
CVE-2021-44117
was published
Jun 11, 2022
The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions,...
Moderate
Unreviewed
CVE-2022-1424
was published
Jun 9, 2022
The LiveSync for WordPress plugin through 1.0 does not have CSRF check in place when updating its...
Moderate
Unreviewed
CVE-2022-1712
was published
Jun 9, 2022
A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote...
Moderate
Unreviewed
CVE-2022-30898
was published
Jun 10, 2022
Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and possibly earlier, allows...
Moderate
Unreviewed
CVE-2010-2345
was published
May 17, 2022
Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows...
Moderate
Unreviewed
CVE-2008-6832
was published
May 17, 2022
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute...
High
Unreviewed
CVE-2022-29735
was published
Jun 3, 2022
Cross Site Request Forgery in Mingsoft MCMS
High
CVE-2022-29647
was published
for
net.mingsoft:ms-mcms
(Maven)
Jun 3, 2022
Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 allows remote attackers to...
Moderate
Unreviewed
CVE-2010-1611
was published
May 17, 2022
Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an...
Moderate
Unreviewed
CVE-2022-45130
was published
Nov 10, 2022
IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19...
Moderate
Unreviewed
CVE-2022-22361
was published
Jun 1, 2022
The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation...
High
Unreviewed
CVE-2022-1611
was published
May 31, 2022