Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,440 advisories

Loading
Engelsystem before commit hash 2e28336 allows CSRF. High Unreviewed
CVE-2018-19182 was published May 14, 2022
UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF. High Unreviewed
CVE-2018-20612 was published May 14, 2022
An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert... High Unreviewed
CVE-2019-6294 was published May 14, 2022
An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin... High Unreviewed
CVE-2019-6249 was published May 14, 2022
Zenbership v107 has CSRF via admin/cp-functions/event-add.php. High Unreviewed
CVE-2016-10738 was published May 14, 2022
CSRF vulnerability in Email Extension Template Plugin High
CVE-2018-1000417 was published for org.jenkins-ci.plugins:email-ext (Maven) May 14, 2022
CSRF vulnerability in Config File Provider Plugin High
CVE-2018-1000414 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 14, 2022
A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers... High Unreviewed
CVE-2018-20728 was published May 14, 2022
An issue was discovered in creditease-sec insight through 2018-09-11. role_perm_delete in srcpm... High Unreviewed
CVE-2019-6508 was published May 14, 2022
An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm... High Unreviewed
CVE-2019-6507 was published May 14, 2022
An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app... High Unreviewed
CVE-2019-6510 was published May 14, 2022
An issue was discovered in creditease-sec insight through 2018-09-11. depart_delete in srcpm/app... High Unreviewed
CVE-2019-6509 was published May 14, 2022
Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF. High Unreviewed
CVE-2018-20228 was published May 14, 2022
An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks... High Unreviewed
CVE-2019-6244 was published May 14, 2022
Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links. High Unreviewed
CVE-2019-6779 was published May 14, 2022
ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default).... High Unreviewed
CVE-2018-19135 was published May 14, 2022
A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback... High Unreviewed
CVE-2019-7346 was published May 14, 2022
CSZ CMS 1.1.8 has CSRF via admin/users/new/add. High Unreviewed
CVE-2019-7566 was published May 14, 2022
An issue was discovered in DOYO (aka doyocms) 2.3(20140425 update). There is a CSRF vulnerability... High Unreviewed
CVE-2019-7569 was published May 14, 2022
Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1). High Unreviewed
CVE-2018-20780 was published May 14, 2022
A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m... High Unreviewed
CVE-2019-7737 was published May 14, 2022
GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in... High Unreviewed
CVE-2018-1000858 was published May 14, 2022
BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php... High Unreviewed
CVE-2019-8347 was published May 14, 2022
MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in... High Unreviewed
CVE-2019-1000003 was published May 14, 2022
A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 ... High Unreviewed
CVE-2018-6907 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database