Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,439 advisories

Loading
The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various action, for example... High Unreviewed
CVE-2021-25073 was published Jan 25, 2022
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2021-4164 was published for calibreweb (pip) Jan 21, 2022
The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing... High Unreviewed
CVE-2021-43353 was published Jan 19, 2022
An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5,... High Unreviewed
CVE-2022-0154 was published Jan 19, 2022
The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart... High Unreviewed
CVE-2022-0215 was published Jan 19, 2022
Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7... High Unreviewed
CVE-2022-0180 was published Jan 18, 2022
Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Everywhere (WordPress plugin)... High Unreviewed
CVE-2021-23227 was published Jan 14, 2022
SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the... High Unreviewed
CVE-2021-41597 was published Jan 13, 2022
Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin High
CVE-2022-20619 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jan 13, 2022
NotMyFault westonsteimel
In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3... High Unreviewed
CVE-2021-34086 was published Jan 11, 2022
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37... High Unreviewed
CVE-2021-46147 was published Jan 11, 2022
The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to... High Unreviewed
CVE-2021-25051 was published Jan 11, 2022
The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows... High Unreviewed
CVE-2021-25052 was published Jan 11, 2022
The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to... High Unreviewed
CVE-2021-25053 was published Jan 11, 2022
Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12 High
CVE-2020-28452 was published for com.softwaremill.akka-http-session:core_2.12 (Maven) Jan 6, 2022
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2021-4131 was published for remdex/livehelperchat (Composer) Jan 5, 2022
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2021-4130 was published for snipe/snipe-it (Composer) Jan 5, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most... High Unreviewed
CVE-2021-20165 was published Dec 31, 2021
A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers... High Unreviewed
CVE-2020-21236 was published Dec 29, 2021
A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft... High Unreviewed
CVE-2020-20945 was published Dec 28, 2021
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to... High Unreviewed
CVE-2020-20593 was published Dec 24, 2021
Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon –... High Unreviewed
CVE-2021-36886 was published Dec 23, 2021
The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to... High Unreviewed
CVE-2021-24981 was published Dec 22, 2021
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered... High Unreviewed
CVE-2021-36887 was published Dec 21, 2021
Cross-site Request Forgery (CSRF) High
CVE-2017-1000069 was published for github.com/bitly/oauth2_proxy (Go) Dec 20, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database