GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (all reviewed: 5,000+)
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39

Unreviewed advisories (all unreviewed: 5,000+)
3,439 advisories

Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether...
High | Unreviewed | CVE-2021-43937 was published Apr 30, 2022

Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One...
High | Unreviewed | CVE-2022-29451 was published Apr 30, 2022

Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create...
High | Unreviewed | CVE-2004-1995 was published Apr 29, 2022

Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3)...
High | Unreviewed | CVE-2004-1967 was published Apr 29, 2022

Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote...
High | Unreviewed | CVE-2004-1842 was published Apr 29, 2022

Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in...
High | Unreviewed | CVE-2004-1703 was published Apr 29, 2022

Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery ...
High | Unreviewed | CVE-2022-28892 was published Apr 29, 2022

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2....
High | Unreviewed | CVE-2022-29555 was published Apr 29, 2022

Malfunction of CSRF token validation in Shopware
High | CVE-2022-24879 was published for shopware/shopware (Composer) Apr 28, 2022

Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the...
High | Unreviewed | CVE-2022-27374 was published Apr 26, 2022

Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the...
High | Unreviewed | CVE-2022-27375 was published Apr 26, 2022

A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
High | Unreviewed | CVE-2012-2079 was published Apr 23, 2022

All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf...
High | Unreviewed | CVE-2021-32929 was published Apr 23, 2022

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which...
High | Unreviewed | CVE-2021-38886 was published Apr 23, 2022

Cross Site Request Forgery in Mingsoft MCMS
High | CVE-2022-27340 was published for net.mingsoft:ms-mcms (Maven) Apr 23, 2022

A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF)...
High | Unreviewed | CVE-2011-3582 was published Apr 22, 2022

A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in...
High | Unreviewed | CVE-2011-2934 was published Apr 22, 2022

Cobbler Web Interface Lacks CSRF Protection
High | CVE-2011-4952 was published for cobbler (pip) Apr 22, 2022

The user-access-manager plugin before 1.2 for WordPress has CSRF.
High | Unreviewed | CVE-2011-5328 was published Apr 22, 2022

Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions,...
High | Unreviewed | CVE-2022-27629 was published Apr 21, 2022

Selenium Server (Grid) CSRF
High | CVE-2022-28108 was published for org.seleniumhq.selenium:selenium-grid (Maven) Apr 20, 2022

The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via...
High | Unreviewed | CVE-2021-4096 was published Apr 20, 2022

Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an...
High | Unreviewed | CVE-2022-23976 was published Apr 19, 2022

Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected...
High | Unreviewed | CVE-2022-28109 was published Apr 16, 2022

ProTip! Advisories are also available from the GraphQL API.