Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,360 advisories

Loading
mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The... Moderate Unreviewed
CVE-2021-46027 was published Jan 21, 2022
In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The... Moderate Unreviewed
CVE-2021-46028 was published Jan 21, 2022
Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries... Moderate Unreviewed
CVE-2021-44777 was published Jan 20, 2022
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF... Moderate Unreviewed
CVE-2021-25025 was published Jan 18, 2022
Cross-Site Request Forgery in Jenkins Mailer Plugin Moderate
CVE-2022-20613 was published for org.jenkins-ci.plugins:mailer (Maven) Jan 13, 2022
NotMyFault westonsteimel
CSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin Moderate
CVE-2022-23111 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven) Jan 13, 2022
NotMyFault
CSRF vulnerability in Jenkins batch task Plugin Moderate
CVE-2022-23115 was published for org.jenkins-ci.plugins:batch-task (Maven) Jan 13, 2022
NotMyFault
A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0... Moderate Unreviewed
CVE-2021-46080 was published Jan 7, 2022
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4168 was published for showdoc/showdoc (Composer) Jan 6, 2022
archivy is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4162 was published for archivy (pip) Jan 6, 2022
westonsteimel
Cross-Site Request Forgery in Moodle Moderate
CVE-2020-1692 was published for moodle/moodle (Composer) Jan 6, 2022
CSRF forgery protection bypass in solidus_frontend Moderate
CVE-2021-43846 was published for solidus_frontend (RubyGems) Jan 6, 2022
iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) attacks as demonstrated by... Moderate Unreviewed
CVE-2020-29292 was published Dec 31, 2021
The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before... Moderate Unreviewed
CVE-2021-24988 was published Dec 28, 2021
A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7... Moderate Unreviewed
CVE-2020-20943 was published Dec 28, 2021
A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a... Moderate Unreviewed
CVE-2020-20595 was published Dec 24, 2021
In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a... Moderate Unreviewed
CVE-2021-43156 was published Dec 23, 2021
In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a... Moderate Unreviewed
CVE-2021-43158 was published Dec 23, 2021
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4123 was published for remdex/livehelperchat (Composer) Dec 17, 2021
Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user... Moderate Unreviewed
CVE-2021-26800 was published Dec 17, 2021
pimcore is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4082 was published for pimcore/pimcore (Composer) Dec 16, 2021
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4092 was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021
glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ... Moderate Unreviewed
CVE-2021-44948 was published Dec 15, 2021
glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ... Moderate Unreviewed
CVE-2021-44942 was published Dec 15, 2021
The NEX-Forms WordPress plugin through 7.9.4 does not escape some of its settings and form fields... Moderate Unreviewed
CVE-2021-24705 was published Dec 14, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database