GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,704 advisories
Filter by severity
OrientDB-Server vulnerable to Cross-Site Request Forgery
High
CVE-2015-2912
was published
for
com.orientechnologies:orientdb-studio
(Maven)
Oct 18, 2018
Cross-Site Request Forgery (CSRF) in keystone
High
CVE-2017-16570
was published
for
keystone
(npm)
Nov 30, 2017
Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons
High
CVE-2018-20595
was published
for
org.hswebframework.web:hsweb-commons
(Maven)
Jan 4, 2019
Cross-Site Request Forgery (CSRF) in Auth0
High
CVE-2018-6874
was published
for
auth0-js
(npm)
Nov 6, 2018
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints
High
CVE-2022-43719
was published
for
apache-superset
(pip)
Jan 16, 2023
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function...
High
Unreviewed
CVE-2019-13477
was published
May 24, 2022
Cross Site Request Forgery in mailman
High
CVE-2021-44227
was published
for
mailman
(pip)
Dec 16, 2021
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and...
High
Unreviewed
CVE-2022-25600
was published
Mar 12, 2022
An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally...
High
Unreviewed
CVE-2021-45886
was published
Mar 14, 2022
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site...
High
Unreviewed
CVE-2022-22346
was published
Mar 15, 2022
Cross-site Request Forgery in fastify-csrf
High
CVE-2020-28482
was published
for
fastify-csrf
(npm)
Jan 20, 2021
A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to...
High
Unreviewed
CVE-2022-27226
was published
Mar 20, 2022
A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers...
High
Unreviewed
CVE-2022-24235
was published
Mar 22, 2022
A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary...
High
Unreviewed
CVE-2021-40662
was published
Mar 22, 2022
Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history...
High
Unreviewed
CVE-2022-25268
was published
Mar 25, 2022
TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is...
High
Unreviewed
CVE-2022-25523
was published
Mar 26, 2022
An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can that...
High
Unreviewed
CVE-2021-43738
was published
Mar 24, 2022
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).
High
Unreviewed
CVE-2022-23349
was published
Mar 22, 2022
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE...
High
Unreviewed
CVE-2022-0427
was published
Mar 29, 2022
The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in...
High
Unreviewed
CVE-2022-0770
was published
Mar 29, 2022
The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when...
High
Unreviewed
CVE-2022-0499
was published
Mar 29, 2022
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. Logged in administrators...
High
Unreviewed
CVE-2021-44312
was published
Mar 31, 2022
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password...
High
Unreviewed
CVE-2022-27432
was published
Mar 31, 2022
ProTip!
Advisories are also available from the
GraphQL API