Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,049
Erlang
29
GitHub Actions
18
Go
1,871
Maven
5,000+
npm
3,597
NuGet
638
pip
3,198
Pub
10
RubyGems
852
Rust
809
Swift
35
Unreviewed advisories
All unreviewed
5,000+

5,948 advisories

Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress... Moderate Unreviewed
CVE-2022-27847 was published Apr 14, 2022
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site... Moderate Unreviewed
CVE-2022-22959 was published Apr 14, 2022
Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress... Moderate Unreviewed
CVE-2022-25614 was published Apr 12, 2022
An issue was discovered in baijiacms v4. There is a CSRF vulnerability that can modify the store... Moderate Unreviewed
CVE-2021-34250 was published Apr 12, 2022
Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress... Moderate Unreviewed
CVE-2022-27846 was published Apr 14, 2022
CSRF vulnerability in Jenkins Publish Over FTP Plugin High
CVE-2022-29050 was published for org.jenkins-ci.plugins:publish-over-ftp (Maven) Apr 13, 2022
westonsteimel
The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could... High Unreviewed
CVE-2022-0141 was published Apr 13, 2022
Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007... Moderate Unreviewed
CVE-2010-3213 was published May 17, 2022
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an... Moderate Unreviewed
CVE-2022-23975 was published Apr 19, 2022
A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron... High Unreviewed
CVE-2021-32156 was published Apr 12, 2022
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and... High Unreviewed
CVE-2021-32159 was published Apr 12, 2022
Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an... Moderate Unreviewed
CVE-2022-27850 was published Apr 16, 2022
The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via... High Unreviewed
CVE-2021-4096 was published Apr 20, 2022
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could... Moderate Unreviewed
CVE-2022-20735 was published Apr 16, 2022
The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have... Critical Unreviewed
CVE-2022-1020 was published Apr 19, 2022
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an... High Unreviewed
CVE-2022-23976 was published Apr 19, 2022
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages. Moderate Unreviewed
CVE-2022-26589 was published Apr 14, 2022
Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as... High Unreviewed
CVE-2022-28108 was published Apr 20, 2022
Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions,... High Unreviewed
CVE-2022-27629 was published Apr 21, 2022
Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected... High Unreviewed
CVE-2022-28109 was published Apr 16, 2022
Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker... Moderate Unreviewed
CVE-2022-27851 was published Apr 16, 2022
Cross Site Request Forgery in Mingsoft MCMS High
CVE-2022-27340 was published for net.mingsoft:ms-mcms (Maven) Apr 23, 2022
All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf... High Unreviewed
CVE-2021-32929 was published Apr 23, 2022
The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when... Moderate Unreviewed
CVE-2022-0707 was published Apr 19, 2022
The Autolinks WordPress plugin through 1.0.1 does not have CSRF check in place when updating its... Moderate Unreviewed
CVE-2022-1112 was published Apr 19, 2022
ProTip! Advisories are also available from the GraphQL API