GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
6,133 advisories
A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows...
High | Unreviewed | CVE-2021-45268 was published Feb 11, 2022

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that...
High | Unreviewed | CVE-2020-7534 was published Feb 11, 2022

Cross Site Request Forgery in concrete5/concrete5
High | CVE-2021-22954 was published for concrete5/concrete5 (Composer) Feb 11, 2022

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to...
High | Unreviewed | CVE-2022-22811 was published Feb 11, 2022

A CWE-942: Permissive Cross-domain Policy with Untrusted Domains vulnerability exists that could...
High | Unreviewed | CVE-2022-22808 was published Feb 11, 2022

Cross-Site Request Forgery in xwiki-platform
High | CVE-2021-32732 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Feb 10, 2022

Cross-Site Request Forgery in CakePHP
Moderate | CVE-2020-15400 was published for cakephp/cakephp (Composer) Feb 10, 2022

A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of...
High | Unreviewed | CVE-2021-37198 was published Feb 10, 2022

Cross-Site Request Forgery
Moderate | CVE-2020-7780 was published for com.softwaremill.akka-http-session:core_2.11 (Maven) Feb 9, 2022

Cross-Site Request Forgery in microweber
Moderate | CVE-2022-0505 was published for microweber/microweber (Composer) Feb 9, 2022

Cross Site Request Forgery in Gitea
High | CVE-2021-45326 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022

The MAZ Loader WordPress plugin through 1.3.4 does not enforce nonce checks, which allows...
Moderate | Unreviewed | CVE-2021-24668 was published Feb 8, 2022

BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full...
Critical | Unreviewed | CVE-2021-31589 was published Feb 8, 2022

The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in its wpsc_tickets AJAX...
Moderate | Unreviewed | CVE-2021-24843 was published Feb 8, 2022

The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its...
Moderate | Unreviewed | CVE-2021-24839 was published Feb 8, 2022

The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and...
High | Unreviewed | CVE-2021-25095 was published Feb 8, 2022

The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsc_tickets AJAX...
High | Unreviewed | CVE-2021-24879 was published Feb 8, 2022

The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF...
Moderate | Unreviewed | CVE-2021-24993 was published Feb 8, 2022

The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and...
Moderate | Unreviewed | CVE-2021-24947 was published Feb 8, 2022

The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the...
Moderate | Unreviewed | CVE-2021-25108 was published Feb 8, 2022

Cross-Site Request Forgery in Filebrowser
High | CVE-2021-46398 was published for github.com/filebrowser/filebrowser/v2 (Go) Feb 5, 2022

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could...
High | Unreviewed | CVE-2021-39044 was published Feb 3, 2022

The Error Log Viewer WordPress plugin through 1.1.1 does not perform nonce check when deleting a...
Moderate | Unreviewed | CVE-2021-24761 was published Feb 2, 2022

The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF...
High | Unreviewed | CVE-2021-24763 was published Feb 2, 2022

The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF...
Moderate | Unreviewed | CVE-2021-25072 was published Feb 2, 2022