GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,706 advisories
NodeBB account takeover via SSO plugins
High | CVE-2022-36076 was published for nodebb (npm) Sep 16, 2022
Cross-Site Request Forgery in OWASP CSRFGuard
High | CVE-2021-28490 was published for org.owasp:csrfguard (Maven) May 24, 2022
Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index.
High | Unreviewed | CVE-2020-20971 was published Jun 3, 2022
The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder...
High | Unreviewed | CVE-2020-35135 was published May 24, 2022
Sipwise C5 NGCP CSC through CE_m39.3.1 allows call/click2dial CSRF attacks for actions with...
High | Unreviewed | CVE-2021-31584 was published May 24, 2022
Cross Site Request Forgery (CSRF) in JuQingCMS v1.0 allows remote attackers to gain local...
High | Unreviewed | CVE-2020-18648 was published May 24, 2022
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running...
High | Unreviewed | CVE-2021-34360 was published May 27, 2022
The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation...
High | Unreviewed | CVE-2022-1611 was published May 31, 2022
Cross Site Request Forgery in Mingsoft MCMS
High | CVE-2022-29647 was published for net.mingsoft:ms-mcms (Maven) Jun 3, 2022
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute...
High | Unreviewed | CVE-2022-29735 was published Jun 3, 2022
A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via...
High | Unreviewed | CVE-2021-44117 was published Jun 11, 2022
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site request...
High | Unreviewed | CVE-2022-22479 was published Jun 11, 2022
HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges.
High | Unreviewed | CVE-2017-7446 was published May 17, 2022
D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability....
High | Unreviewed | CVE-2017-7398 was published May 17, 2022
Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices with Firmware Version before 2...
High | Unreviewed | CVE-2017-10677 was published May 17, 2022
The daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes...
High | Unreviewed | CVE-2021-24555 was published May 24, 2022
The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in...
High | Unreviewed | CVE-2021-24626 was published May 24, 2022
CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw...
High | Unreviewed | CVE-2017-8836 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco...
High | Unreviewed | CVE-2016-1470 was published May 17, 2022
A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56...
High | Unreviewed | CVE-2017-20020 was published Jun 10, 2022
The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have any CSRF check in place...
High | Unreviewed | CVE-2021-24565 was published May 24, 2022
HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP...
High | Unreviewed | CVE-2017-7447 was published May 17, 2022
Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in...
High | Unreviewed | CVE-2017-12651 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x...
High | Unreviewed | CVE-2016-6893 was published May 17, 2022
The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place...
High | Unreviewed | CVE-2022-1758 was published Jun 14, 2022