GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 4,802; Erlang 36; GitHub Actions 29; Go 2,384; Maven 5,000+; npm 4,015; NuGet 720; pip 3,811; Pub 12; RubyGems 930; Rust 988; Swift 38
Unreviewed advisories: All unreviewed 5,000+
7,807 advisories

An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport...
Moderate | Unreviewed | CVE-2020-35615 was published May 24, 2022

The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing...
High | Unreviewed | CVE-2021-24174 was published May 24, 2022

The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make...
Moderate | Unreviewed | CVE-2021-24173 was published May 24, 2022

Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.
High | Unreviewed | CVE-2020-36247 was published May 24, 2022

Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to...
Moderate | Unreviewed | CVE-2021-29349 was published May 24, 2022

A potential security vulnerability has been identified in the HPE StoreEver MSL2024 Tape Library...
High | Unreviewed | CVE-2020-7201 was published May 24, 2022

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 is vulnerable to...
Moderate | Unreviewed | CVE-2020-4904 was published May 24, 2022

A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6...
High | Unreviewed | CVE-2020-8461 was published May 24, 2022

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries.
High | Unreviewed | CVE-2021-20073 was published May 24, 2022

HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver ...
High | Unreviewed | CVE-2020-36283 was published May 24, 2022

Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers...
Moderate | Unreviewed | CVE-2021-20650 was published May 24, 2022

Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers...
Moderate | Unreviewed | CVE-2021-20636 was published May 24, 2022

Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers...
Moderate | Unreviewed | CVE-2021-20641 was published May 24, 2022

Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers...
Moderate | Unreviewed | CVE-2021-20647 was published May 24, 2022

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a...
High | Unreviewed | CVE-2020-28858 was published May 24, 2022

An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and...
Moderate | Unreviewed | CVE-2020-13186 was published May 24, 2022

A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for...
High | Unreviewed | CVE-2020-35942 was published May 24, 2022

Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management...
Moderate | Unreviewed | CVE-2021-22500 was published May 24, 2022

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were present in Tufin SecureTrack,...
High | Unreviewed | CVE-2020-13460 was published May 24, 2022

CSRF vulnerability in Jenkins openstack-heat Plugin
Moderate | CVE-2022-36911 was published for org.jenkins-ci.plugins:openstack-heat (Maven) Jul 28, 2022

Jenkins Coverity Plugin vulnerable to cross-site request forgery (CSRF)
High | CVE-2022-36920 was published for org.jenkins-ci.plugins:coverity (Maven) Jul 28, 2022

IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to...
Moderate | Unreviewed | CVE-2020-4827 was published May 24, 2022

IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to...
Moderate | Unreviewed | CVE-2020-4826 was published May 24, 2022

FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page...
Moderate | Unreviewed | CVE-2020-28705 was published May 24, 2022

A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index...
High | Unreviewed | CVE-2020-24271 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API