GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,440 advisories
Gem in a Box vulnerable to Cross-site Request Forgery
High
CVE-2017-14683 was published for geminabox (RubyGems) on May 13, 2022

ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the...
High, Unreviewed
CVE-2019-6282 was published on May 13, 2022

Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.
High, Unreviewed
CVE-2015-5395 was published on May 13, 2022

An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an...
High, Unreviewed
CVE-2018-10503 was published on May 13, 2022

A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All...
High, Unreviewed
CVE-2016-8673 was published on May 13, 2022

Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
High
CVE-2015-7537 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 13, 2022

Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
High
CVE-2015-7538 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 13, 2022

A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight...
High, Unreviewed
CVE-2018-6504 was published on May 13, 2022

CSRF in baserCMS 3.0.10 and earlier
High
CVE-2016-4879 was published for baserproject/basercms (Composer) on May 13, 2022

The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise...
High, Unreviewed
CVE-2018-12415 was published on May 13, 2022

boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery (CSRF) attacks...
High, Unreviewed
CVE-2014-5280 was published on May 13, 2022

A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before...
High, Unreviewed
CVE-2019-10673 was published on May 13, 2022

** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts...
High, Unreviewed
CVE-2018-8811 was published on May 13, 2022

Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows...
High, Unreviewed
CVE-2017-2097 was published on May 13, 2022

diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy...
High, Unreviewed
CVE-2017-11455 was published on May 13, 2022

Kallithea cross-site request forgery (CSRF) vulnerability
High
CVE-2015-0276 was published for Kallithea (pip) on May 13, 2022

Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0...
High, Unreviewed
CVE-2016-3406 was published on May 13, 2022

Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra...
High, Unreviewed
CVE-2016-3403 was published on May 13, 2022

Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite ...
High, Unreviewed
CVE-2015-7610 was published on May 13, 2022

Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote...
High, Unreviewed
CVE-2015-7563 was published on May 13, 2022

JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action...
High, Unreviewed
CVE-2018-18436 was published on May 13, 2022

There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile ...
High, Unreviewed
CVE-2017-12584 was published on May 13, 2022

Jenkins Slack Notification Plugin CSRF vulnerability and missing permission checks
High
CVE-2019-1003044 was published for org.jenkins-ci.plugins:slack (Maven) on May 13, 2022

CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves ...
High, Unreviewed
CVE-2017-7178 was published on May 13, 2022