Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,439 advisories

Loading
Cross Site Request Forgery (CSRF) vulnerability exits in Catfish <=6.1.* when you upload an html... High Unreviewed
CVE-2021-45017 was published Dec 17, 2021
Cross Site Request Forgery in mailman High
CVE-2021-44227 was published for mailman (pip) Dec 16, 2021
The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation... High Unreviewed
CVE-2021-24945 was published Dec 14, 2021
A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user... High Unreviewed
CVE-2020-19682 was published Dec 10, 2021
The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in... High Unreviewed
CVE-2021-24914 was published Dec 7, 2021
Serv-U server responds with valid CSRFToken when the request contains only Session. High Unreviewed
CVE-2021-35242 was published Dec 7, 2021
b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User... High Unreviewed
CVE-2021-31631 was published Dec 7, 2021
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the... High Unreviewed
CVE-2021-29756 was published Dec 4, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2021-4017 was published for showdoc/showdoc (Composer) Dec 3, 2021
Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions... High Unreviewed
CVE-2021-20851 was published Dec 2, 2021
Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1... High Unreviewed
CVE-2021-20860 was published Dec 2, 2021
Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel... High Unreviewed
CVE-2021-43137 was published Dec 2, 2021
The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce... High Unreviewed
CVE-2021-42364 was published Nov 30, 2021
The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to... High Unreviewed
CVE-2021-42358 was published Nov 30, 2021
Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions prior to... High Unreviewed
CVE-2021-20845 was published Nov 25, 2021
We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0... High Unreviewed
CVE-2021-34358 was published Nov 21, 2021
The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to... High Unreviewed
CVE-2021-39353 was published Nov 20, 2021
Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during... High Unreviewed
CVE-2021-44036 was published Nov 20, 2021
Cross-Site Request Forgery (CSRF) vulnerability leading to Database Reset in WordPress WP Reset... High Unreviewed
CVE-2021-36908 was published Nov 19, 2021
Cross-Site Request Forgery in PiranhaCMS High
CVE-2021-25976 was published for Piranha (NuGet) Nov 17, 2021
Cross Site Request Forgery in kindeditor High
CVE-2021-42228 was published for kindeditor (npm) Oct 18, 2021
Cross-Site-Request-Forgery in Backend High
CVE-2021-41113 was published for typo3/cms (Composer) Oct 5, 2021
sushiwushi ohader
Cross-Site Request Forgery in GilaCMS High
CVE-2020-20693 was published for gilacms/gila (Composer) Sep 30, 2021
Cross-Site Request Forgery in sqlite-web High
CVE-2021-23404 was published for sqlite-web (pip) Sep 9, 2021
Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server High
CVE-2021-39133 was published for org.rundeck:rundeck-core (Maven) Sep 1, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database