Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

3,252 advisories

Loading
The Autolinks WordPress plugin through 1.0.1 does not have CSRF check in place when updating its... Moderate Unreviewed
CVE-2022-1112 was published Apr 19, 2022
Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in... Moderate Unreviewed
CVE-2010-3024 was published May 17, 2022
A vulnerability in the web-based management interface of Cisco Unified Communications Manager ... Moderate Unreviewed
CVE-2022-20787 was published Apr 22, 2022
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in... Moderate Unreviewed
CVE-2021-24805 was published Apr 26, 2022
Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function... Moderate Unreviewed
CVE-2022-44937 was published Nov 28, 2022
Cross-Site Request Forgery in Jenkins Moderate
CVE-2018-1000195 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Cross-Site Request Forgery in Jenkins Moderate
CVE-2017-2613 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to,... Moderate Unreviewed
CVE-2022-3747 was published Nov 29, 2022
Kirby CMS 2.5.12 Cross-site Request Forgery Moderate
CVE-2018-14519 was published for getkirby/cms (Composer) Aug 25, 2022
Froxlor vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2022-3017 was published for froxlor/froxlor (Composer) Aug 29, 2022
The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2022-3898 was published Nov 29, 2022
The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and... Moderate Unreviewed
CVE-2020-35773 was published May 24, 2022
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. Moderate Unreviewed
CVE-2020-28040 was published May 24, 2022
The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and... Moderate Unreviewed
CVE-2021-24822 was published Nov 30, 2021
Cross-Site Request Forgery in Apache Tomcat Moderate
CVE-2012-4431 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. CSRF can... Moderate Unreviewed
CVE-2020-25252 was published May 24, 2022
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and... Moderate Unreviewed
CVE-2021-24730 was published Mar 1, 2022
The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation... Moderate Unreviewed
CVE-2021-24836 was published Dec 14, 2021
NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by... Moderate Unreviewed
CVE-2020-23376 was published May 24, 2022
The Entity Embed module provides a filter to allow embedding entities in content fields. In... Moderate Unreviewed
CVE-2020-13673 was published Feb 12, 2022
Cross-Site Request Forgery in Jolokia Moderate
CVE-2014-0168 was published for org.jolokia:jolokia-core (Maven) May 17, 2022
Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows... Moderate Unreviewed
CVE-2010-2039 was published May 17, 2022
Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF)... Moderate Unreviewed
CVE-2021-25327 was published May 24, 2022
Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification... Moderate Unreviewed
CVE-2021-21729 was published May 24, 2022
The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on... Moderate Unreviewed
CVE-2022-0642 was published May 31, 2022
ProTip! Advisories are also available from the GraphQL API