GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,440 advisories
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
High, Unreviewed. CVE-2017-9062 was published May 13, 2022

The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented...
High, Unreviewed. CVE-2018-10233 was published May 13, 2022

In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled...
High, Unreviewed. CVE-2014-0594 was published May 13, 2022

J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues...
High, Unreviewed. CVE-2016-1261 was published May 13, 2022

In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web...
High, Unreviewed. CVE-2016-6557 was published May 13, 2022

Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password...
High, Unreviewed. CVE-2016-9127 was published May 13, 2022

Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF)...
High, Unreviewed. CVE-2017-0933 was published May 13, 2022

A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote...
High, Unreviewed. CVE-2017-12253 was published May 13, 2022

A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated,...
High, Unreviewed. CVE-2017-12271 was published May 13, 2022

A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web...
High, Unreviewed. CVE-2017-14011 was published May 13, 2022

Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center,...
High, Unreviewed. CVE-2017-14362 was published May 13, 2022

The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request...
High, Unreviewed. CVE-2017-3187 was published May 13, 2022

Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in...
High, Unreviewed. CVE-2017-3965 was published May 13, 2022

A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server...
High, Unreviewed. CVE-2017-5187 was published May 13, 2022

Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can...
High, Unreviewed. CVE-2017-5263 was published May 13, 2022

A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch,...
High, Unreviewed. CVE-2017-6038 was published May 13, 2022

A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all...
High, Unreviewed. CVE-2017-6042 was published May 13, 2022

A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool...
High, Unreviewed. CVE-2017-6756 was published May 13, 2022

A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise...
High, Unreviewed. CVE-2017-7423 was published May 13, 2022

dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API...
High, Unreviewed. CVE-2017-7557 was published May 13, 2022

In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was...
High, Unreviewed. CVE-2017-7906 was published May 13, 2022

Cross-Site Request Forgery in hawtio
High. CVE-2017-7556 was published for io.hawt:project (Maven) May 13, 2022

A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1...
High, Unreviewed. CVE-2017-7926 was published May 13, 2022

A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build...
High, Unreviewed. CVE-2017-7917 was published May 13, 2022

PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to...
High, Unreviewed. CVE-2017-9641 was published May 13, 2022

ProTip! Advisories are also available from the GraphQL API.