GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,440 advisories
A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1....
High | Unreviewed | CVE-2017-6081 was published May 14, 2022

PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the...
High | Unreviewed | CVE-2019-9769 was published May 14, 2022

In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
High | Unreviewed | CVE-2017-15730 was published May 14, 2022

Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote...
High | Unreviewed | CVE-2019-5920 was published May 14, 2022

In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the...
High | Unreviewed | CVE-2017-9064 was published May 14, 2022

Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for...
High | Unreviewed | CVE-2018-20231 was published May 14, 2022

PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit...
High | Unreviewed | CVE-2018-20633 was published May 14, 2022

AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF.
High | Unreviewed | CVE-2019-6967 was published May 14, 2022

PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php.
High | Unreviewed | CVE-2018-20648 was published May 14, 2022

PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit...
High | Unreviewed | CVE-2019-7433 was published May 14, 2022

PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit...
High | Unreviewed | CVE-2018-20644 was published May 14, 2022

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via...
High | Unreviewed | CVE-2018-20641 was published May 14, 2022

Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross...
High | Unreviewed | CVE-2018-14575 was published May 14, 2022

S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php...
High | Unreviewed | CVE-2019-10237 was published May 14, 2022

Symfony CSRF Token Fixation
High | CVE-2018-11406 was published for symfony/security (Composer) May 14, 2022

ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.
High | Unreviewed | CVE-2019-7391 was published May 14, 2022

WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution...
High | Unreviewed | CVE-2019-9787 was published May 14, 2022

PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF)...
High | Unreviewed | CVE-2019-9604 was published May 14, 2022

An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vulnerability that can add an...
High | Unreviewed | CVE-2019-10644 was published May 14, 2022

OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web...
High | Unreviewed | CVE-2014-7198 was published May 14, 2022

A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role...
High | Unreviewed | CVE-2019-10888 was published May 14, 2022

MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI.
High | Unreviewed | CVE-2019-11078 was published May 14, 2022

Subrion CMS vulnerable to CSRF in blog/delete
High | CVE-2017-18366 was published for intelliants/subrion (Composer) May 14, 2022

Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier...
High | Unreviewed | CVE-2016-4469 was published May 14, 2022

An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF.
High | Unreviewed | CVE-2018-16366 was published May 14, 2022