GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
3,439 advisories
Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8...
High | Unreviewed | CVE-2015-7715 was published May 13, 2022

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6...
High | Unreviewed | CVE-2018-1434 was published May 13, 2022

SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is...
High | Unreviewed | CVE-2017-12439 was published May 13, 2022

An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable...
High | Unreviewed | CVE-2018-9281 was published May 13, 2022

Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting...
High | Unreviewed | CVE-2018-8979 was published May 13, 2022

An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability...
High | Unreviewed | CVE-2018-7831 was published May 13, 2022

Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4...
High | Unreviewed | CVE-2018-6496 was published May 13, 2022

The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin...
High | Unreviewed | CVE-2018-6357 was published May 13, 2022

Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version...
High | Unreviewed | CVE-2018-6497 was published May 13, 2022

WPGlobus plugin Stored XSS & CSRF security vulnerability
High | CVE-2018-5361 was published for wpglobus/wpglobus (Composer) May 13, 2022

FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute...
High | Unreviewed | CVE-2018-19911 was published May 13, 2022

JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as...
High | Unreviewed | CVE-2018-19546 was published May 13, 2022

RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi...
High | Unreviewed | CVE-2018-15884 was published May 13, 2022

PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS.
High | Unreviewed | CVE-2018-11501 was published May 13, 2022

Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before...
High | Unreviewed | CVE-2015-3655 was published May 13, 2022

IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow...
High | Unreviewed | CVE-2016-3029 was published May 13, 2022

WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name...
High | Unreviewed | CVE-2017-14530 was published May 13, 2022

Moodle multiple cross-site request forgery (CSRF) vulnerabilities
High | CVE-2015-5338 was published for moodle/moodle (Composer) May 13, 2022

Moodle Cross-site request forgery (CSRF) vulnerability
High | CVE-2016-3734 was published for moodle/moodle (Composer) May 13, 2022

Moodle cross-site request forgery (CSRF) vulnerability
High | CVE-2016-2157 was published for moodle/moodle (Composer) May 13, 2022

Bolt Cross Site Request Forgery (CSRF)
High | CVE-2019-10874 was published for bolt/bolt (Composer) May 13, 2022

Mautic Cross-Site Request Forgery (CSRF)
High | CVE-2017-8874 was published for mautic/core (Composer) May 13, 2022

public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges.
High | Unreviewed | CVE-2017-7571 was published May 13, 2022