GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
8,501 advisories
Cross-Site Request Forgery in GilaCMS
High. CVE-2020-20693 was published for gilacms/gila (Composer) on Sep 30, 2021.

Cross-Site Request Forgery in snipe-it
Moderate. CVE-2021-3858 was published for snipe/snipe-it (Composer) on Oct 21, 2021.

Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version...
High (Unreviewed). CVE-2018-6497 was published on May 13, 2022.

Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4...
High (Unreviewed). CVE-2018-6496 was published on May 13, 2022.

Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server
High. CVE-2021-39133 was published for org.rundeck:rundeck-core (Maven) on Sep 1, 2021.

MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts.
Moderate (Unreviewed). CVE-2018-7305 was published on May 13, 2022.

Cross-Site Request Forgery in forkcms
High. CVE-2020-23264 was published for forkcms/forkcms (Composer) on Jun 22, 2021.

wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7...
Moderate (Unreviewed). CVE-2018-19511 was published on May 13, 2022.

The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page...
Moderate (Unreviewed). CVE-2018-7724 was published on May 13, 2022.

An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability...
High (Unreviewed). CVE-2018-7831 was published on May 13, 2022.

The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin...
High (Unreviewed). CVE-2018-6357 was published on May 13, 2022.

RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi...
High (Unreviewed). CVE-2018-15884 was published on May 13, 2022.

No CSRF protection on the password change form
Moderate. CVE-2021-32730 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) on Jul 2, 2021.

JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as...
High (Unreviewed). CVE-2018-19546 was published on May 13, 2022.

An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin...
Moderate (Unreviewed). CVE-2018-19525 was published on May 13, 2022.

The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title...
Moderate (Unreviewed). CVE-2018-15677 was published on May 13, 2022.

Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV...
Moderate (Unreviewed). CVE-2018-19335 was published on May 13, 2022.

Cross-Site Request Forgery in mm_forum
Moderate (Unreviewed). CVE-2020-15516 was published on Feb 15, 2022.

An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the...
Moderate (Unreviewed). CVE-2018-10554 was published on May 13, 2022.

Cross-Site Request Forgery in Vert.x-Web framework
High. CVE-2020-35217 was published for io.vertx:vertx-web (Maven) on Apr 22, 2021.

An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting...
Moderate (Unreviewed). CVE-2018-10806 was published on May 13, 2022.

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame...
Moderate (Unreviewed). CVE-2018-1432 was published on May 13, 2022.

Cryptographically weak CSRF tokens in Apache MyFaces
High. CVE-2021-26296 was published for org.apache.myfaces.core:myfaces-core-module (Maven) on Jun 16, 2021.

Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho...
Moderate (Unreviewed). CVE-2018-10803 was published on May 13, 2022.

Cross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Mega Addons For WPBakery Page...
High (Unreviewed). CVE-2022-36798 was published on Sep 25, 2022.
ProTip! Advisories are also available from the GraphQL API.