Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,740
Maven
5,000+
npm
4,338
NuGet
765
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3,516 advisories

Loading
Cross-Site Request Forgery in Filebrowser High
CVE-2021-46398 was published for github.com/filebrowser/filebrowser/v2 (Go) Feb 5, 2022
The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and... High Unreviewed
CVE-2021-25095 was published Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsc_tickets AJAX... High Unreviewed
CVE-2021-24879 was published Feb 8, 2022
Cross Site Request Forgery in Gitea High
CVE-2021-45326 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of... High Unreviewed
CVE-2021-37198 was published Feb 10, 2022
Cross-Site Request Forgery in xwiki-platform High
CVE-2021-32732 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Feb 10, 2022
A CWE-942: Permissive Cross-domain Policy with Untrusted Domains vulnerability exists that could... High Unreviewed
CVE-2022-22808 was published Feb 11, 2022
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to... High Unreviewed
CVE-2022-22811 was published Feb 11, 2022
Cross Site Request Forgery in concrete5/concrete5 High
CVE-2021-22954 was published for concrete5/concrete5 (Composer) Feb 11, 2022
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that... High Unreviewed
CVE-2020-7534 was published Feb 11, 2022
A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows... High Unreviewed
CVE-2021-45268 was published Feb 11, 2022
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) High Unreviewed
CVE-2022-0196 was published Feb 11, 2022
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) High Unreviewed
CVE-2022-0197 was published Feb 11, 2022
Cross-Site Request Forgery in Magnolia CMS High
CVE-2021-46366 was published for info.magnolia:magnolia-core (Maven) Feb 12, 2022
etcd Cross-site Request Forgery (CSRF) High
CVE-2018-1098 was published for go.etcd.io/etcd/v3 (Go) Feb 15, 2022
CSRF vulnerability in Jenkins Chef Sinatra Plugin allow XXE High
CVE-2022-25207 was published for org.jenkins-ci.plugins:sinatra-chef-builder (Maven) Feb 16, 2022
NotMyFault
Credited to NotMyFault
Cross-Site Request Forgery in Jenkins dbCharts Plugin High
CVE-2022-25205 was published for org.jenkins-ci.plugins:dbCharts (Maven) Feb 16, 2022
NotMyFault
Credited to NotMyFault
CSRF vulnerability in Jenkins SCP publisher Plugin High
CVE-2022-25198 was published for org.jenkins-ci.plugins:scp (Maven) Feb 16, 2022
NotMyFault
Credited to NotMyFault
CSRF vulnerability in Jenkins autonomiq plugin High
CVE-2022-25194 was published for io.jenkins.plugins:autonomiq (Maven) Feb 16, 2022
westonsteimel NotMyFault
Credited to westonsteimel and NotMyFault
YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add High Unreviewed
CVE-2022-23384 was published Feb 16, 2022
In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request... High Unreviewed
CVE-2022-25241 was published Feb 17, 2022
In FileCloud before 21.3, file upload is not protected against Cross-Site Request Forgery (CSRF). High Unreviewed
CVE-2022-25242 was published Feb 17, 2022
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in... High Unreviewed
CVE-2022-23983 was published Feb 22, 2022
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert... High Unreviewed
CVE-2022-0134 was published Feb 22, 2022
A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware... High Unreviewed
CVE-2021-4030 was published Feb 25, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database