Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,049
Erlang
29
GitHub Actions
18
Go
1,871
Maven
5,000+
npm
3,597
NuGet
638
pip
3,198
Pub
10
RubyGems
852
Rust
809
Swift
35
Unreviewed advisories
All unreviewed
5,000+

5,948 advisories

Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in... Moderate Unreviewed
CVE-2010-3024 was published May 17, 2022
A vulnerability in the web-based management interface of Cisco Unified Communications Manager ... Moderate Unreviewed
CVE-2022-20787 was published Apr 22, 2022
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the... High Unreviewed
CVE-2022-27375 was published Apr 26, 2022
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the... High Unreviewed
CVE-2022-27374 was published Apr 26, 2022
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in... Moderate Unreviewed
CVE-2021-24805 was published Apr 26, 2022
Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function... Moderate Unreviewed
CVE-2022-44937 was published Nov 28, 2022
Cross-Site Request Forgery in Jenkins Moderate
CVE-2018-1000195 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Cross-Site Request Forgery in Jenkins Moderate
CVE-2017-2613 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which... High Unreviewed
CVE-2021-38886 was published Apr 23, 2022
The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to,... Moderate Unreviewed
CVE-2022-3747 was published Nov 29, 2022
Cross-Site Request Forgery in Jenkins Git Plugin High
CVE-2017-1000092 was published for org.jenkins-ci.plugins:git (Maven) May 17, 2022
Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notification E-mails plugin <= 1... High Unreviewed
CVE-2022-34654 was published Nov 28, 2022
Cross-Site Request Forgery in Jolokia High
CVE-2018-10899 was published for org.jolokia:jolokia-core (Maven) May 24, 2022
Kirby CMS 2.5.12 Cross-site Request Forgery Moderate
CVE-2018-14519 was published for getkirby/cms (Composer) Aug 25, 2022
Froxlor vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2022-3017 was published for froxlor/froxlor (Composer) Aug 29, 2022
The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2022-3898 was published Nov 29, 2022
Cross-Site Request Forgery in XXL-Job High
CVE-2022-29002 was published for com.xuxueli:xxl-job (Maven) May 24, 2022
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. Moderate Unreviewed
CVE-2020-28040 was published May 24, 2022
The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and... Moderate Unreviewed
CVE-2020-35773 was published May 24, 2022
The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and... Moderate Unreviewed
CVE-2021-24822 was published Nov 30, 2021
Cross-Site Request Forgery in Apache Tomcat Moderate
CVE-2012-4431 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. CSRF can... Moderate Unreviewed
CVE-2020-25252 was published May 24, 2022
Cross-Site Request Forgery in Jenkins High
CVE-2017-1000356 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and... Moderate Unreviewed
CVE-2021-24730 was published Mar 1, 2022
Tailscale daemon is vulnerable to information disclosure via CSRF Low
CVE-2022-41925 was published for tailscale.com/cmd (Go) Nov 21, 2022
emilytrau JJJollyjim
ProTip! Advisories are also available from the GraphQL API