GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,440 advisories
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote...
High | Unreviewed | CVE-2016-4069 was published May 14, 2022

The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the...
High | Unreviewed | CVE-2017-4928 was published May 14, 2022

There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the...
High | Unreviewed | CVE-2018-9092 was published May 14, 2022

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote...
High | Unreviewed | CVE-2014-6046 was published May 14, 2022

tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html.
High | Unreviewed | CVE-2018-15568 was published May 14, 2022

xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote...
High | Unreviewed | CVE-2018-16951 was published May 14, 2022

admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account.
High | Unreviewed | CVE-2018-16431 was published May 14, 2022

e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of...
High | Unreviewed | CVE-2018-15901 was published May 14, 2022

An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection,...
High | Unreviewed | CVE-2018-15682 was published May 14, 2022

Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3...
High | Unreviewed | CVE-2018-17023 was published May 14, 2022

KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains...
High | Unreviewed | CVE-2018-1000669 was published May 14, 2022

Subrion CMS CSRF Vulnerability
High | CVE-2017-15063 was published for intelliants/subrion (Composer) May 14, 2022

Auth0-ASPNET and Auth0-ASPNET-Owin vulnerable to Cross-Site Request Forgery
High | CVE-2018-15121 was published for Auth0-ASPNET-Owin (NuGet) May 14, 2022

Mingsoft MCMS CSRF vulnerability
High | CVE-2018-17366 was published for net.mingsoft:ms-mcms (Maven) May 14, 2022

VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF.
High | Unreviewed | CVE-2018-14769 was published May 14, 2022

An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin...
High | Unreviewed | CVE-2018-16345 was published May 14, 2022

An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if...
High | Unreviewed | CVE-2018-16314 was published May 14, 2022

A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30.
High | Unreviewed | CVE-2018-18734 was published May 14, 2022

A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI.
High | Unreviewed | CVE-2018-18742 was published May 14, 2022

A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33.
High | Unreviewed | CVE-2018-18735 was published May 14, 2022

HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account....
High | Unreviewed | CVE-2018-17826 was published May 14, 2022

An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the...
High | Unreviewed | CVE-2018-18712 was published May 14, 2022

An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the...
High | Unreviewed | CVE-2018-18711 was published May 14, 2022

An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that...
High | Unreviewed | CVE-2018-17104 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.