Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,465
Erlang
33
GitHub Actions
22
Go
2,164
Maven
5,000+
npm
3,821
NuGet
696
pip
3,503
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,084 advisories

Loading
Serv-U server responds with valid CSRFToken when the request contains only Session. High Unreviewed
CVE-2021-35242 was published Dec 7, 2021
b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User... High Unreviewed
CVE-2021-31631 was published Dec 7, 2021
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the... High Unreviewed
CVE-2021-29756 was published Dec 4, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2021-4017 was published for showdoc/showdoc (Composer) Dec 3, 2021
Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions... High Unreviewed
CVE-2021-20851 was published Dec 2, 2021
Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1... High Unreviewed
CVE-2021-20860 was published Dec 2, 2021
Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel... High Unreviewed
CVE-2021-43137 was published Dec 2, 2021
The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce... High Unreviewed
CVE-2021-42364 was published Nov 30, 2021
The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to... High Unreviewed
CVE-2021-42358 was published Nov 30, 2021
Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions prior to... High Unreviewed
CVE-2021-20845 was published Nov 25, 2021
We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0... High Unreviewed
CVE-2021-34358 was published Nov 21, 2021
The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to... High Unreviewed
CVE-2021-39353 was published Nov 20, 2021
Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during... High Unreviewed
CVE-2021-44036 was published Nov 20, 2021
Cross-Site Request Forgery (CSRF) vulnerability leading to Database Reset in WordPress WP Reset... High Unreviewed
CVE-2021-36908 was published Nov 19, 2021
Cross-Site Request Forgery in PiranhaCMS High
CVE-2021-25976 was published for Piranha (NuGet) Nov 17, 2021
Cross Site Request Forgery in kindeditor High
CVE-2021-42228 was published for kindeditor (npm) Oct 18, 2021
Cross-Site-Request-Forgery in Backend High
CVE-2021-41113 was published for typo3/cms (Composer) Oct 5, 2021
sushiwushi ohader
Cross-Site Request Forgery in GilaCMS High
CVE-2020-20693 was published for gilacms/gila (Composer) Sep 30, 2021
Cross-Site Request Forgery in sqlite-web High
CVE-2021-23404 was published for sqlite-web (pip) Sep 9, 2021
Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server High
CVE-2021-39133 was published for org.rundeck:rundeck-core (Maven) Sep 1, 2021
Cross-Site Request Forgery in express-cart High
CVE-2020-22403 was published for express-cart (npm) Aug 30, 2021
Cross-Site Request Forgery in forkcms High
CVE-2020-23264 was published for forkcms/forkcms (Composer) Jun 22, 2021
Cryptographically weak CSRF tokens in Apache MyFaces High
CVE-2021-26296 was published for org.apache.myfaces.core:myfaces-core-module (Maven) Jun 16, 2021
CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin allows capturing credentials High
CVE-2021-21652 was published for org.jenkins-ci.plugins:xray-connector (Maven) Jun 16, 2021
NotMyFault
Cross-Site Request Forgery (CSRF) in FastAPI High
CVE-2021-32677 was published for fastapi (pip) Jun 10, 2021
b0g3r
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database