Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,049
Erlang
29
GitHub Actions
18
Go
1,871
Maven
5,000+
npm
3,597
NuGet
638
pip
3,198
Pub
10
RubyGems
852
Rust
809
Swift
35
Unreviewed advisories
All unreviewed
5,000+

5,948 advisories

Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history... High Unreviewed
CVE-2022-25268 was published Mar 25, 2022
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). High Unreviewed
CVE-2022-23349 was published Mar 22, 2022
TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is... High Unreviewed
CVE-2022-25523 was published Mar 26, 2022
An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can that... High Unreviewed
CVE-2021-43738 was published Mar 24, 2022
The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when... Moderate Unreviewed
CVE-2022-0681 was published Mar 22, 2022
Cross-Site Request Forgery in Anchor CMS Moderate
CVE-2022-25576 was published for anchorcms/anchor-cms (Composer) Mar 26, 2022
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE... High Unreviewed
CVE-2022-0427 was published Mar 29, 2022
The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in... High Unreviewed
CVE-2022-0770 was published Mar 29, 2022
The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when... High Unreviewed
CVE-2022-0499 was published Mar 29, 2022
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management... Moderate Unreviewed
CVE-2010-4032 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in HP Insight Control for Linux before 6.2 allows... Moderate Unreviewed
CVE-2010-4106 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService... Moderate Unreviewed
CVE-2010-3603 was published May 17, 2022
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. Logged in administrators... High Unreviewed
CVE-2021-44312 was published Mar 31, 2022
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password... High Unreviewed
CVE-2022-27432 was published Mar 31, 2022
Cross-Site Request Forgery in YOURLS Low
CVE-2022-0088 was published for yourls/yourls (Composer) Apr 4, 2022
The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating... Moderate Unreviewed
CVE-2022-0830 was published Apr 5, 2022
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800... High Unreviewed
CVE-2022-20774 was published Apr 7, 2022
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3,... High Unreviewed
CVE-2020-4668 was published Apr 9, 2022
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery ... High Unreviewed
CVE-2022-36546 was published Aug 27, 2022
Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress... Moderate Unreviewed
CVE-2022-25615 was published Apr 12, 2022
The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data,... Moderate Unreviewed
CVE-2022-0914 was published Apr 12, 2022
qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI. High Unreviewed
CVE-2022-26180 was published Apr 9, 2022
A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary... Moderate Unreviewed
CVE-2022-26588 was published Apr 9, 2022
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager... High Unreviewed
CVE-2021-32162 was published Apr 12, 2022
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V,... High Unreviewed
CVE-2022-25754 was published Apr 13, 2022
ProTip! Advisories are also available from the GraphQL API