Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,340
Erlang
31
GitHub Actions
22
Go
2,101
Maven
5,000+
npm
3,764
NuGet
679
pip
3,451
Pub
12
RubyGems
892
Rust
885
Swift
37
Unreviewed advisories
All unreviewed
5,000+

3,598 advisories

Loading
The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in... Moderate Unreviewed
CVE-2022-0199 was published Feb 22, 2022
The Float menu WordPress plugin before 4.3.1 does not have CSRF check in place when deleting menu... Moderate Unreviewed
CVE-2022-0313 was published Feb 22, 2022
Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in... Moderate Unreviewed
CVE-2022-25599 was published Feb 22, 2022
Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an... Moderate Unreviewed
CVE-2021-45007 was published Feb 21, 2022
Cross-Site Request Forgery microweber Moderate
CVE-2022-0638 was published for microweber/microweber (Composer) Feb 18, 2022
A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of Scratch Wiki scratch... Moderate Unreviewed
CVE-2021-46252 was published Feb 17, 2022
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers... Moderate Unreviewed
CVE-2021-43952 was published Feb 16, 2022
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers... Moderate Unreviewed
CVE-2021-43953 was published Feb 16, 2022
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify... Moderate Unreviewed
CVE-2021-43941 was published Feb 16, 2022
Jenkins Snow Commander Plugin 2.0 vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-25192 was published for io.jenkins.plugins:embotics-vcommander (Maven) Feb 16, 2022
NotMyFault
CSRF vulnerability in Jenkins Checkmarx Plugin allow capturing credentials Moderate
CVE-2022-25200 was published for com.checkmarx.jenkins:checkmarx (Maven) Feb 16, 2022
NotMyFault
CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials Moderate
CVE-2022-25212 was published for org.continuousassurance.swamp.jenkins:swamp (Maven) Feb 16, 2022
NotMyFault
Cross-Site Request Forgery in mm_forum Moderate Unreviewed
CVE-2020-15516 was published Feb 15, 2022
The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when... Moderate Unreviewed
CVE-2021-24446 was published Feb 15, 2022
The Entity Embed module provides a filter to allow embedding entities in content fields. In... Moderate Unreviewed
CVE-2020-13673 was published Feb 12, 2022
Cross-Site Request Forgery in Drupal core Moderate
CVE-2020-13674 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) Moderate Unreviewed
CVE-2022-0238 was published Feb 11, 2022
Cross-Site Request Forgery in CakePHP Moderate
CVE-2020-15400 was published for cakephp/cakephp (Composer) Feb 10, 2022
markstory
Cross-Site Request Forgery Moderate
CVE-2020-7780 was published for com.softwaremill.akka-http-session:core_2.11 (Maven) Feb 9, 2022
Cross-Site Request Forgery in microweber Moderate
CVE-2022-0505 was published for microweber/microweber (Composer) Feb 9, 2022
The MAZ Loader WordPress plugin through 1.3.4 does not enforce nonce checks, which allows... Moderate Unreviewed
CVE-2021-24668 was published Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsc_tickets AJAX... Moderate Unreviewed
CVE-2021-24843 was published Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CRSF checks in its... Moderate Unreviewed
CVE-2021-24839 was published Feb 8, 2022
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and... Moderate Unreviewed
CVE-2021-24947 was published Feb 8, 2022
The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF... Moderate Unreviewed
CVE-2021-24993 was published Feb 8, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database