Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,744
Maven
5,000+
npm
4,341
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3,520 advisories

Loading
The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to... High Unreviewed
CVE-2021-42358 was published Nov 30, 2021
The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce... High Unreviewed
CVE-2021-42364 was published Nov 30, 2021
Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel... High Unreviewed
CVE-2021-43137 was published Dec 2, 2021
Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1... High Unreviewed
CVE-2021-20860 was published Dec 2, 2021
Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions... High Unreviewed
CVE-2021-20851 was published Dec 2, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2021-4017 was published for showdoc/showdoc (Composer) Dec 3, 2021
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the... High Unreviewed
CVE-2021-29756 was published Dec 4, 2021
b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User... High Unreviewed
CVE-2021-31631 was published Dec 7, 2021
Serv-U server responds with valid CSRFToken when the request contains only Session. High Unreviewed
CVE-2021-35242 was published Dec 7, 2021
The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in... High Unreviewed
CVE-2021-24914 was published Dec 7, 2021
A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user... High Unreviewed
CVE-2020-19682 was published Dec 10, 2021
The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation... High Unreviewed
CVE-2021-24945 was published Dec 14, 2021
Cross Site Request Forgery in mailman High
CVE-2021-44227 was published for mailman (pip) Dec 16, 2021
Cross Site Request Forgery (CSRF) vulnerability exits in Catfish <=6.1.* when you upload an html... High Unreviewed
CVE-2021-45017 was published Dec 17, 2021
Cross-site Request Forgery (CSRF) High
CVE-2017-1000069 was published for github.com/bitly/oauth2_proxy (Go) Dec 20, 2021
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered... High Unreviewed
CVE-2021-36887 was published Dec 21, 2021
The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to... High Unreviewed
CVE-2021-24981 was published Dec 22, 2021
Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon –... High Unreviewed
CVE-2021-36886 was published Dec 23, 2021
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to... High Unreviewed
CVE-2020-20593 was published Dec 24, 2021
A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft... High Unreviewed
CVE-2020-20945 was published Dec 28, 2021
A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers... High Unreviewed
CVE-2020-21236 was published Dec 29, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most... High Unreviewed
CVE-2021-20165 was published Dec 31, 2021
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2021-4130 was published for snipe/snipe-it (Composer) Jan 5, 2022
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2021-4131 was published for remdex/livehelperchat (Composer) Jan 5, 2022
Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12 High
CVE-2020-28452 was published for com.softwaremill.akka-http-session:core_2.12 (Maven) Jan 6, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database