Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,335
Erlang
31
GitHub Actions
22
Go
2,096
Maven
5,000+
npm
3,762
NuGet
678
pip
3,448
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

6,704 advisories

Loading
A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to... High Unreviewed
CVE-2021-22724 was published Jan 29, 2022
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey (CSRF) via the component ... High Unreviewed
CVE-2022-23888 was published Jan 29, 2022
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers... Moderate Unreviewed
CVE-2022-23887 was published Jan 29, 2022
Cross Site Request Forgery in Moodle High
CVE-2022-0335 was published for moodle/moodle (Composer) Jan 28, 2022
Cross-Site Request Forgery in yetiforce High
CVE-2022-0269 was published for yetiforce/yetiforce-crm (Composer) Jan 27, 2022
SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public... High Unreviewed
CVE-2021-44122 was published Jan 27, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat Moderate
CVE-2022-0231 was published for remdex/livehelperchat (Composer) Jan 26, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat Moderate
CVE-2022-0226 was published for remdex/livehelperchat (Composer) Jan 26, 2022
The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which... High Unreviewed
CVE-2021-24696 was published Jan 25, 2022
The WP Extra File Types WordPress plugin before 0.5.1 does not have CSRF check when saving its... High Unreviewed
CVE-2021-24936 was published Jan 25, 2022
The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the... Moderate Unreviewed
CVE-2021-24968 was published Jan 25, 2022
The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place... Moderate Unreviewed
CVE-2021-24989 was published Jan 25, 2022
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the... Moderate Unreviewed
CVE-2021-25013 was published Jan 25, 2022
The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various action, for example... High Unreviewed
CVE-2021-25073 was published Jan 25, 2022
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2021-4164 was published for calibreweb (pip) Jan 21, 2022
Cross-Site Request Forgery in Jenkins Moderate
CVE-2022-20612 was published for org.jenkins-ci.main:jenkins-core (Maven) Jan 21, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat Moderate
CVE-2022-0245 was published for livehelperchat/livehelperchat (Composer) Jan 21, 2022
mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The... Moderate Unreviewed
CVE-2021-46027 was published Jan 21, 2022
In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The... Moderate Unreviewed
CVE-2021-46028 was published Jan 21, 2022
Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries... Moderate Unreviewed
CVE-2021-44777 was published Jan 20, 2022
The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing... High Unreviewed
CVE-2021-43353 was published Jan 19, 2022
An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5,... High Unreviewed
CVE-2022-0154 was published Jan 19, 2022
The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart... High Unreviewed
CVE-2022-0215 was published Jan 19, 2022
Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7... High Unreviewed
CVE-2022-0180 was published Jan 18, 2022
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF... Moderate Unreviewed
CVE-2021-25025 was published Jan 18, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database