GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,440 advisories
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF.
High | Unreviewed | CVE-2018-16365 was published May 14, 2022
Apache Archiva vulnerable to Cross Site Request Forgery
High | CVE-2017-5657 was published for org.apache.archiva:archiva (Maven) May 14, 2022
A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including...
High | Unreviewed | CVE-2016-8201 was published May 14, 2022
Contao CSRF Token Bypass
High | CVE-2019-10642 was published for contao/contao (Composer) May 14, 2022
phpMyAdmin CSRF Vulnerability
High | CVE-2018-19969 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider...
High | Unreviewed | CVE-2017-9963 was published May 14, 2022
A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot...
High | Unreviewed | CVE-2016-5758 was published May 14, 2022
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote...
High | Unreviewed | CVE-2017-18042 was published May 14, 2022
phpMyAdmin CSRF Vulnerability
High | CVE-2017-1000499 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to...
High | Unreviewed | CVE-2017-12970 was published May 14, 2022
Cross-Site Request Forgery in Jenkins
High | CVE-2017-1000504 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
** DISPUTED ** main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE:...
High | Unreviewed | CVE-2018-18696 was published May 14, 2022
Jenkins Favorite Plugin vulnerable to Cross-Site Request Forgery
High | CVE-2017-1000244 was published for org.jvnet.hudson.plugins:favorite (Maven) May 14, 2022
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page...
High | Unreviewed | CVE-2017-1000479 was published May 14, 2022
JFrog Artifactory version since 5.11 contains a Cross Site Request Forgery (CSRF) vulnerability in...
High | Unreviewed | CVE-2018-1000206 was published May 14, 2022
Wampserver before 3.1.3 has CSRF in add_vhost.php.
High | Unreviewed | CVE-2018-8817 was published May 14, 2022
Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote...
High | Unreviewed | CVE-2019-5924 was published May 14, 2022
Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in...
High | Unreviewed | CVE-2015-4089 was published May 14, 2022
There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the...
High | Unreviewed | CVE-2018-16966 was published May 14, 2022
The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php...
High | Unreviewed | CVE-2018-17584 was published May 14, 2022
An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action...
High | Unreviewed | CVE-2018-16380 was published May 13, 2022
Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers...
High | Unreviewed | CVE-2015-0970 was published May 13, 2022
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0...
High | Unreviewed | CVE-2016-2863 was published May 13, 2022
mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF.
High | Unreviewed | CVE-2017-8928 was published May 13, 2022
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux...
High | Unreviewed | CVE-2017-9810 was published May 13, 2022