Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,340
Erlang
31
GitHub Actions
22
Go
2,101
Maven
5,000+
npm
3,764
NuGet
679
pip
3,451
Pub
12
RubyGems
892
Rust
885
Swift
37
Unreviewed advisories
All unreviewed
5,000+

6,709 advisories

Loading
Cross-site request forgery (CSRF) vulnerability in news/admin.php in N-13 News 3.4, 3.7, and 4.0... Moderate Unreviewed
CVE-2011-0642 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1... Moderate Unreviewed
CVE-2011-0629 was published May 17, 2022
Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration screen in wp... Moderate Unreviewed
CVE-2011-0760 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in admin/conf_users_edit.php in PHP Link... Moderate Unreviewed
CVE-2011-0643 was published May 17, 2022
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site... High Unreviewed
CVE-2022-22346 was published Mar 15, 2022
An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally... High Unreviewed
CVE-2021-45886 was published Mar 14, 2022
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse... Low Unreviewed
CVE-2022-22348 was published Mar 15, 2022
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and... High Unreviewed
CVE-2022-25600 was published Mar 12, 2022
CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials Moderate
CVE-2022-25212 was published for org.continuousassurance.swamp.jenkins:swamp (Maven) Feb 16, 2022
NotMyFault
Cross Site Request Forgery in mailman High
CVE-2021-44227 was published for mailman (pip) Dec 16, 2021
Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs,... Moderate Unreviewed
CVE-2022-26101 was published Mar 11, 2022
Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin Moderate
CVE-2023-24437 was published for org.jenkins-ci.plugins:jira-steps (Maven) Jan 26, 2023
The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions... Moderate Unreviewed
CVE-2023-0403 was published Jan 19, 2023
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function... High Unreviewed
CVE-2019-13477 was published May 24, 2022
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints High
CVE-2022-43719 was published for apache-superset (pip) Jan 16, 2023
Fat Free CRM contains Cross-site Request Forgery vulnerablilities Moderate
CVE-2013-7223 was published for fat_free_crm (RubyGems) May 17, 2022
CakePHP has incorrect Cross-Site Request Forgery validation Moderate
GHSA-829q-v5g8-hhxc was published for cakephp/cakephp (Composer) Jan 20, 2023
kube-httpcache is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
GHSA-47xh-qxqv-mgvg was published for github.com/mittwald/kube-httpcache (Go) Dec 2, 2022
kbcasagrande
Authentication Bypass by CSRF Weakness Critical
GHSA-5629-8855-gf4g was published for solidus_core (RubyGems) Nov 18, 2021
oliverchang
CSRF Vuln can expose user's QRcode Low
GHSA-fxq4-r6mr-9x64 was published for Flask-Security-Too (pip) Apr 8, 2021
Cross-Site Request Forgery (CSRF) in Auth0 High
CVE-2018-6874 was published for auth0-js (npm) Nov 6, 2018
CSRF Vulnerability in jquery-ujs Moderate
GHSA-6qqj-rx4w-r3cj was published for jquery-ujs (npm) Aug 31, 2020
XSS due to lack of CSRF validation for replying/publishing Moderate
CVE-2020-15156 was published for nodebb-plugin-blog-comments (npm) Aug 26, 2020
gwynnarth
CSRF in Play Framework Moderate
CVE-2020-12480 was published for com.typesafe.play:play_2.12 (Maven) Aug 18, 2020
CSRF vulnerability in save-server Moderate
CVE-2020-15135 was published for save-server (npm) Aug 4, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database