GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,973
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,984
npm
3,519
NuGet
611
pip
3,097
Pub
10
RubyGems
834
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,496 advisories
Filter by severity
OrientDB-Server vulnerable to Cross-Site Request Forgery
High
CVE-2015-2912
was published
for
com.orientechnologies:orientdb-studio
(Maven)
Oct 18, 2018
Cross-Site Request Forgery (CSRF) in keystone
High
CVE-2017-16570
was published
for
keystone
(npm)
Nov 30, 2017
Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons
High
CVE-2018-20595
was published
for
org.hswebframework.web:hsweb-commons
(Maven)
Jan 4, 2019
Cross-Site Request Forgery (CSRF) in Auth0
High
CVE-2018-6874
was published
for
auth0-js
(npm)
Nov 6, 2018
Cross-Site Request Forgery (CSRF) in Luigi
High
CVE-2018-1000843
was published
for
luigi
(pip)
Dec 20, 2018
python-engineio vulnerable to Cross-Site Request Forgery (CSRF)
High
CVE-2019-13611
was published
for
python-engineio
(pip)
Jul 30, 2019
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints
High
CVE-2022-43719
was published
for
apache-superset
(pip)
Jan 16, 2023
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function...
High
Unreviewed
CVE-2019-13477
was published
May 24, 2022
Cross Site Request Forgery in mailman
High
CVE-2021-44227
was published
for
mailman
(pip)
Dec 16, 2021
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and...
High
Unreviewed
CVE-2022-25600
was published
Mar 12, 2022
An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally...
High
Unreviewed
CVE-2021-45886
was published
Mar 14, 2022
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site...
High
Unreviewed
CVE-2022-22346
was published
Mar 15, 2022
Cross-site Request Forgery in fastify-csrf
High
CVE-2020-28482
was published
for
fastify-csrf
(npm)
Jan 20, 2021
A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to...
High
Unreviewed
CVE-2022-27226
was published
Mar 20, 2022
A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers...
High
Unreviewed
CVE-2022-24235
was published
Mar 22, 2022
A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary...
High
Unreviewed
CVE-2021-40662
was published
Mar 22, 2022
Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history...
High
Unreviewed
CVE-2022-25268
was published
Mar 25, 2022
TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is...
High
Unreviewed
CVE-2022-25523
was published
Mar 26, 2022
An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can that...
High
Unreviewed
CVE-2021-43738
was published
Mar 24, 2022
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).
High
Unreviewed
CVE-2022-23349
was published
Mar 22, 2022
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE...
High
Unreviewed
CVE-2022-0427
was published
Mar 29, 2022
The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in...
High
Unreviewed
CVE-2022-0770
was published
Mar 29, 2022
The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when...
High
Unreviewed
CVE-2022-0499
was published
Mar 29, 2022
ProTip!
Advisories are also available from the
GraphQL API