GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,056
Erlang: 29
GitHub Actions: 19
Go: 1,889
Maven: 5,000+
npm: 3,618
NuGet: 638
pip: 3,231
Pub: 10
RubyGems: 854
Rust: 817
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
3,252 advisories
The Autolinks WordPress plugin through 1.0.1 does not have CSRF check in place when updating its...
Moderate | Unreviewed | CVE-2022-1112 | published Apr 19, 2022
Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in...
Moderate | Unreviewed | CVE-2010-3024 | published May 17, 2022
A vulnerability in the web-based management interface of Cisco Unified Communications Manager ...
Moderate | Unreviewed | CVE-2022-20787 | published Apr 22, 2022
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in...
Moderate | Unreviewed | CVE-2021-24805 | published Apr 26, 2022
Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function...
Moderate | Unreviewed | CVE-2022-44937 | published Nov 28, 2022
Cross-Site Request Forgery in Jenkins
Moderate | CVE-2018-1000195 | org.jenkins-ci.main:jenkins-core (Maven) | published May 13, 2022
Cross-Site Request Forgery in Jenkins
Moderate | CVE-2017-2613 | org.jenkins-ci.main:jenkins-core (Maven) | published May 13, 2022
The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to,...
Moderate | Unreviewed | CVE-2022-3747 | published Nov 29, 2022
Kirby CMS 2.5.12 Cross-site Request Forgery
Moderate | CVE-2018-14519 | getkirby/cms (Composer) | published Aug 25, 2022
Froxlor vulnerable to Cross-Site Request Forgery (CSRF)
Moderate | CVE-2022-3017 | froxlor/froxlor (Composer) | published Aug 29, 2022
The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate | Unreviewed | CVE-2022-3898 | published Nov 29, 2022
The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and...
Moderate | Unreviewed | CVE-2020-35773 | published May 24, 2022
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.
Moderate | Unreviewed | CVE-2020-28040 | published May 24, 2022
The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and...
Moderate | Unreviewed | CVE-2021-24822 | published Nov 30, 2021
Cross-Site Request Forgery in Apache Tomcat
Moderate | CVE-2012-4431 | org.apache.tomcat:tomcat (Maven) | published May 17, 2022
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. CSRF can...
Moderate | Unreviewed | CVE-2020-25252 | published May 24, 2022
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and...
Moderate | Unreviewed | CVE-2021-24730 | published Mar 1, 2022
The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation...
Moderate | Unreviewed | CVE-2021-24836 | published Dec 14, 2021
NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by...
Moderate | Unreviewed | CVE-2020-23376 | published May 24, 2022
The Entity Embed module provides a filter to allow embedding entities in content fields. In...
Moderate | Unreviewed | CVE-2020-13673 | published Feb 12, 2022
Cross-Site Request Forgery in Jolokia
Moderate | CVE-2014-0168 | org.jolokia:jolokia-core (Maven) | published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows...
Moderate | Unreviewed | CVE-2010-2039 | published May 17, 2022
Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF)...
Moderate | Unreviewed | CVE-2021-25327 | published May 24, 2022
Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification...
Moderate | Unreviewed | CVE-2021-21729 | published May 24, 2022
The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on...
Moderate | Unreviewed | CVE-2022-0642 | published May 31, 2022
ProTip! Advisories are also available from the GraphQL API.