Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,439 advisories

Loading
Cross-Site Request Forgery in Magnolia CMS High
CVE-2021-46366 was published for info.magnolia:magnolia-core (Maven) Feb 12, 2022
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) High Unreviewed
CVE-2022-0197 was published Feb 11, 2022
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) High Unreviewed
CVE-2022-0196 was published Feb 11, 2022
A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows... High Unreviewed
CVE-2021-45268 was published Feb 11, 2022
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that... High Unreviewed
CVE-2020-7534 was published Feb 11, 2022
Cross Site Request Forgery in concrete5/concrete5 High
CVE-2021-22954 was published for concrete5/concrete5 (Composer) Feb 11, 2022
A CWE-942: Permissive Cross-domain Policy with Untrusted Domains vulnerability exists that could... High Unreviewed
CVE-2022-22808 was published Feb 11, 2022
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to... High Unreviewed
CVE-2022-22811 was published Feb 11, 2022
Cross-Site Request Forgery in xwiki-platform High
CVE-2021-32732 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Feb 10, 2022
A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of... High Unreviewed
CVE-2021-37198 was published Feb 10, 2022
Cross Site Request Forgery in Gitea High
CVE-2021-45326 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and... High Unreviewed
CVE-2021-25095 was published Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsc_tickets AJAX... High Unreviewed
CVE-2021-24879 was published Feb 8, 2022
Cross-Site Request Forgery in Filebrowser High
CVE-2021-46398 was published for github.com/filebrowser/filebrowser/v2 (Go) Feb 5, 2022
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could... High Unreviewed
CVE-2021-39044 was published Feb 3, 2022
The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF... High Unreviewed
CVE-2021-24763 was published Feb 2, 2022
CSRF token missing in Symfony High
CVE-2022-23601 was published for symfony/framework-bundle (Composer) Feb 1, 2022
jderusse nexxome
ovrflo
A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to... High Unreviewed
CVE-2021-22725 was published Jan 29, 2022
A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to... High Unreviewed
CVE-2021-22724 was published Jan 29, 2022
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey (CSRF) via the component ... High Unreviewed
CVE-2022-23888 was published Jan 29, 2022
Cross Site Request Forgery in Moodle High
CVE-2022-0335 was published for moodle/moodle (Composer) Jan 28, 2022
Cross-Site Request Forgery in yetiforce High
CVE-2022-0269 was published for yetiforce/yetiforce-crm (Composer) Jan 27, 2022
SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public... High Unreviewed
CVE-2021-44122 was published Jan 27, 2022
The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which... High Unreviewed
CVE-2021-24696 was published Jan 25, 2022
The WP Extra File Types WordPress plugin before 0.5.1 does not have CSRF check when saving its... High Unreviewed
CVE-2021-24936 was published Jan 25, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database