Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,476
Erlang
33
GitHub Actions
24
Go
2,203
Maven
5,000+
npm
3,857
NuGet
696
pip
3,639
Pub
12
RubyGems
912
Rust
913
Swift
38
Unreviewed advisories
All unreviewed
5,000+

7,083 advisories

Loading
Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & Video Slider (WordPress plugin)... Moderate Unreviewed
CVE-2022-25608 was published Mar 24, 2022
A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers... High Unreviewed
CVE-2022-24235 was published Mar 22, 2022
The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF... High Unreviewed
CVE-2021-24905 was published Mar 22, 2022
Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4. Moderate Unreviewed
CVE-2022-0515 was published Mar 22, 2022
The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper... High Unreviewed
CVE-2022-0229 was published Mar 22, 2022
The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting... Moderate Unreviewed
CVE-2022-0616 was published Mar 22, 2022
The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when... Moderate Unreviewed
CVE-2022-0681 was published Mar 22, 2022
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). High Unreviewed
CVE-2022-23349 was published Mar 22, 2022
A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary... High Unreviewed
CVE-2021-40662 was published Mar 22, 2022
A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to... High Unreviewed
CVE-2022-27226 was published Mar 20, 2022
Cross-Site Request Forgery in Jenkins P4 Plugin High
CVE-2021-21655 was published for org.jenkins-ci.plugins:p4 (Maven) Mar 18, 2022
NotMyFault
CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin High
CVE-2022-27198 was published for org.jenkins-ci.plugins:aws-credentials (Maven) Mar 16, 2022
NotMyFault
CSRF vulnerability and missing permission checks in Jenkins Extended Choice Parameter Plugin allow SSRF Moderate
CVE-2022-27204 was published for org.jenkins-ci.plugins:extended-choice-parameter (Maven) Mar 16, 2022
NotMyFault
CSRF vulnerability in Jenkins Release Helper Plugin Moderate
CVE-2022-27214 was published for org.jenkins-ci.plugins:release-helper (Maven) Mar 16, 2022
NotMyFault
CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials High
CVE-2022-27210 was published for org.jenkins-ci.plugins:kubernetes-cd (Maven) Mar 16, 2022
NotMyFault
The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or... Moderate Unreviewed
CVE-2022-22734 was published Mar 15, 2022
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse... Low Unreviewed
CVE-2022-22348 was published Mar 15, 2022
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site... High Unreviewed
CVE-2022-22346 was published Mar 15, 2022
An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally... High Unreviewed
CVE-2021-45886 was published Mar 14, 2022
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and... High Unreviewed
CVE-2022-25600 was published Mar 12, 2022
Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs,... Moderate Unreviewed
CVE-2022-26101 was published Mar 11, 2022
The Pricing Tables WordPress Plugin WordPress plugin before 3.1.3 does not verify the CSRF nonce... Moderate Unreviewed
CVE-2021-25098 was published Mar 8, 2022
The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the ... High Unreviewed
CVE-2022-0439 was published Mar 8, 2022
The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before... Moderate Unreviewed
CVE-2022-0445 was published Mar 8, 2022
Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF),... Moderate Unreviewed
CVE-2021-44321 was published Mar 5, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database