GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,492 advisories
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in...
Moderate, Unreviewed. CVE-2021-24805 was published Apr 26, 2022

Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function...
Moderate, Unreviewed. CVE-2022-44937 was published Nov 28, 2022

Cross-Site Request Forgery in Jenkins
Moderate. CVE-2018-1000195 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022

Cross-Site Request Forgery in Jenkins
Moderate. CVE-2017-2613 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022

The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to,...
Moderate, Unreviewed. CVE-2022-3747 was published Nov 29, 2022

Kirby CMS 2.5.12 Cross-site Request Forgery
Moderate. CVE-2018-14519 was published for getkirby/cms (Composer) Aug 25, 2022

Froxlor vulnerable to Cross-Site Request Forgery (CSRF)
Moderate. CVE-2022-3017 was published for froxlor/froxlor (Composer) Aug 29, 2022

The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate, Unreviewed. CVE-2022-3898 was published Nov 29, 2022

The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and...
Moderate, Unreviewed. CVE-2020-35773 was published May 24, 2022

WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.
Moderate, Unreviewed. CVE-2020-28040 was published May 24, 2022

The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and...
Moderate, Unreviewed. CVE-2021-24822 was published Nov 30, 2021

Cross-Site Request Forgery in Apache Tomcat
Moderate. CVE-2012-4431 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022

An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. CSRF can...
Moderate, Unreviewed. CVE-2020-25252 was published May 24, 2022

The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and...
Moderate, Unreviewed. CVE-2021-24730 was published Mar 1, 2022

The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation...
Moderate, Unreviewed. CVE-2021-24836 was published Dec 14, 2021

NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by...
Moderate, Unreviewed. CVE-2020-23376 was published May 24, 2022

The Entity Embed module provides a filter to allow embedding entities in content fields. In...
Moderate, Unreviewed. CVE-2020-13673 was published Feb 12, 2022

Cross-Site Request Forgery in Jolokia
Moderate. CVE-2014-0168 was published for org.jolokia:jolokia-core (Maven) May 17, 2022

Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows...
Moderate, Unreviewed. CVE-2010-2039 was published May 17, 2022

Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification...
Moderate, Unreviewed. CVE-2021-21729 was published May 24, 2022

Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF)...
Moderate, Unreviewed. CVE-2021-25327 was published May 24, 2022

The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on...
Moderate, Unreviewed. CVE-2022-0642 was published May 31, 2022

XWiki Cross-Site Request Forgery (CSRF) for actions on tags
Moderate. CVE-2022-36095 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Sep 16, 2022

Cross-site request forgery (CSRF) vulnerability in user/user-set.do in Pacific Timesheet 6.74...
Moderate, Unreviewed. CVE-2010-2111 was published May 17, 2022

Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0),...
Moderate, Unreviewed. CVE-2008-6744 was published May 17, 2022