GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
6,704 advisories
In FileCloud before 21.3, file upload is not protected against Cross-Site Request Forgery (CSRF).
High | Unreviewed | CVE-2022-25242 was published on Feb 17, 2022

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers...
Moderate | Unreviewed | CVE-2021-43952 was published on Feb 16, 2022

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers...
Moderate | Unreviewed | CVE-2021-43953 was published on Feb 16, 2022

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify...
Moderate | Unreviewed | CVE-2021-43941 was published on Feb 16, 2022

YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add
High | Unreviewed | CVE-2022-23384 was published on Feb 16, 2022

Jenkins Snow Commander Plugin 2.0 vulnerable to Cross-Site Request Forgery
Moderate | CVE-2022-25192 was published for io.jenkins.plugins:embotics-vcommander (Maven) on Feb 16, 2022

CSRF vulnerability in Jenkins autonomiq plugin
High | CVE-2022-25194 was published for io.jenkins.plugins:autonomiq (Maven) on Feb 16, 2022

CSRF vulnerability in Jenkins SCP publisher Plugin
High | CVE-2022-25198 was published for org.jenkins-ci.plugins:scp (Maven) on Feb 16, 2022

CSRF vulnerability in Jenkins Checkmarx Plugin allow capturing credentials
Moderate | CVE-2022-25200 was published for com.checkmarx.jenkins:checkmarx (Maven) on Feb 16, 2022

Cross-Site Request Forgery in Jenkins dbCharts Plugin
High | CVE-2022-25205 was published for org.jenkins-ci.plugins:dbCharts (Maven) on Feb 16, 2022

CSRF vulnerability in Jenkins Chef Sinatra Plugin allow XXE
High | CVE-2022-25207 was published for org.jenkins-ci.plugins:sinatra-chef-builder (Maven) on Feb 16, 2022

CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials
Moderate | CVE-2022-25212 was published for org.continuousassurance.swamp.jenkins:swamp (Maven) on Feb 16, 2022

etcd Cross-site Request Forgery (CSRF)
High | CVE-2018-1098 was published for go.etcd.io/etcd/v3 (Go) on Feb 15, 2022

Cross-Site Request Forgery in mm_forum
Moderate | Unreviewed | CVE-2020-15516 was published on Feb 15, 2022

The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when...
Moderate | Unreviewed | CVE-2021-24446 was published on Feb 15, 2022

The Entity Embed module provides a filter to allow embedding entities in content fields. In...
Moderate | Unreviewed | CVE-2020-13673 was published on Feb 12, 2022

Cross-Site Request Forgery in Drupal core
Moderate | CVE-2020-13674 was published for drupal/core (Composer) on Feb 12, 2022

Cross-Site Request Forgery in Magnolia CMS
High | CVE-2021-46366 was published for info.magnolia:magnolia-core (Maven) on Feb 12, 2022

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate | Unreviewed | CVE-2022-0238 was published on Feb 11, 2022

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
High | Unreviewed | CVE-2022-0197 was published on Feb 11, 2022

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
High | Unreviewed | CVE-2022-0196 was published on Feb 11, 2022

A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows...
High | Unreviewed | CVE-2021-45268 was published on Feb 11, 2022

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that...
High | Unreviewed | CVE-2020-7534 was published on Feb 11, 2022

Cross Site Request Forgery in concrete5/concrete5
High | CVE-2021-22954 was published for concrete5/concrete5 (Composer) on Feb 11, 2022

A CWE-942: Permissive Cross-domain Policy with Untrusted Domains vulnerability exists that could...
High | Unreviewed | CVE-2022-22808 was published on Feb 11, 2022