Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,050
Erlang
29
GitHub Actions
18
Go
1,872
Maven
5,000+
npm
3,600
NuGet
638
pip
3,198
Pub
10
RubyGems
852
Rust
810
Swift
35
Unreviewed advisories
All unreviewed
5,000+

55 advisories

CSRF Vuln can expose user's QRcode Low
GHSA-fxq4-r6mr-9x64 was published for Flask-Security-Too (pip) Apr 8, 2021
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse... Low Unreviewed
CVE-2022-22348 was published Mar 15, 2022
Cross-Site Request Forgery in YOURLS Low
CVE-2022-0088 was published for yourls/yourls (Composer) Apr 4, 2022
Tailscale daemon is vulnerable to information disclosure via CSRF Low
CVE-2022-41925 was published for tailscale.com/cmd (Go) Nov 21, 2022
emilytrau JJJollyjim
Multiple cross-site request forgery (CSRF) vulnerabilities in The Uniform Server 5.6.5 allow... Low Unreviewed
CVE-2010-2113 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through... Low Unreviewed
CVE-2016-2998 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through... Low Unreviewed
CVE-2016-3009 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3... Low Unreviewed
CVE-2014-8521 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke PBX 2.4.4.8 allows remote... Low Unreviewed
CVE-2010-2114 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20... Low Unreviewed
CVE-2010-2151 was published May 17, 2022
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker... Low Unreviewed
CVE-2020-8615 was published May 24, 2022
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF... Low Unreviewed
CVE-2022-4102 was published Jan 10, 2023
Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the... Low Unreviewed
CVE-2022-45228 was published Dec 12, 2022
The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from... Low Unreviewed
CVE-2021-26071 was published May 24, 2022
Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let... Low Unreviewed
CVE-2020-18464 was published May 24, 2022
Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let... Low Unreviewed
CVE-2020-18463 was published May 24, 2022
Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote... Low Unreviewed
CVE-2008-0266 was published May 1, 2022
Cross-site request forgery (CSRF) vulnerability in the rootpw plugin in rPath Appliance Platform... Low Unreviewed
CVE-2008-2140 was published May 1, 2022
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote... Low Unreviewed
CVE-2008-3197 was published May 1, 2022
bookstack is vulnerable to Cross-Site Request Forgery (CSRF) Low
CVE-2021-3944 was published for ssddanbrown/bookstack (Composer) Dec 3, 2021
Cross-Site Request Forgery in firefly-iii Low
CVE-2021-3901 was published for grumpydictator/firefly-iii (Composer) Oct 28, 2021
The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which... Low Unreviewed
CVE-2022-4309 was published Jan 16, 2023
Cross-Site Request Forgery in remdex/livehelperchat Low
CVE-2021-4049 was published for remdex/livehelperchat (Composer) Dec 10, 2021
Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET... Low Unreviewed
CVE-2017-5244 was published May 13, 2022
A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET... Low Unreviewed
CVE-2022-30694 was published Nov 8, 2022
ProTip! Advisories are also available from the GraphQL API