Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

5,680 advisories

Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during... High Unreviewed
CVE-2021-44036 was published Nov 20, 2021
The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to... High Unreviewed
CVE-2021-39353 was published Nov 20, 2021
We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0... High Unreviewed
CVE-2021-34358 was published Nov 21, 2021
Cross-site Scripting in kimai2 Moderate
CVE-2021-3957 was published for kevinpapst/kimai2 (Composer) Nov 23, 2021
Cross-site Scripting in kimai2 Moderate
CVE-2021-3963 was published for kevinpapst/kimai2 (Composer) Nov 23, 2021
Cross-site Scripting in kimai2 Moderate
CVE-2021-3976 was published for kevinpapst/kimai2 (Composer) Nov 23, 2021
The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the... Moderate Unreviewed
CVE-2021-24703 was published Nov 24, 2021
Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions prior to... High Unreviewed
CVE-2021-20845 was published Nov 25, 2021
The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to... High Unreviewed
CVE-2021-42358 was published Nov 30, 2021
The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce... High Unreviewed
CVE-2021-42364 was published Nov 30, 2021
The URL Shortify WordPress plugin before 1.5.1 does not have CSRF check in place when bulk... Moderate Unreviewed
CVE-2021-24749 was published Nov 30, 2021
The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and... Moderate Unreviewed
CVE-2021-24822 was published Nov 30, 2021
Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel... High Unreviewed
CVE-2021-43137 was published Dec 2, 2021
Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1... High Unreviewed
CVE-2021-20860 was published Dec 2, 2021
Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions... High Unreviewed
CVE-2021-20851 was published Dec 2, 2021
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving... Critical Unreviewed
CVE-2015-20105 was published Dec 3, 2021
bookstack is vulnerable to Cross-Site Request Forgery (CSRF) Low
CVE-2021-3944 was published for ssddanbrown/bookstack (Composer) Dec 3, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2021-4017 was published for showdoc/showdoc (Composer) Dec 3, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3993 was published for showdoc/showdoc (Composer) Dec 3, 2021
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the... High Unreviewed
CVE-2021-29756 was published Dec 4, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4015 was published for grumpydictator/firefly-iii (Composer) Dec 6, 2021
b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User... High Unreviewed
CVE-2021-31631 was published Dec 7, 2021
Serv-U server responds with valid CSRFToken when the request contains only Session. High Unreviewed
CVE-2021-35242 was published Dec 7, 2021
The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in... High Unreviewed
CVE-2021-24914 was published Dec 7, 2021
A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user... High Unreviewed
CVE-2020-19682 was published Dec 10, 2021
ProTip! Advisories are also available from the GraphQL API