GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
50 advisories
Firebase vulnerable to CRSF attack
Low | CVE-2024-4128 was published for firebase-tools (npm) May 2, 2024

A potential security vulnerability has been identified in Hewlett Packard Enterprise...
Low | Unreviewed | CVE-2024-22438 was published Apr 15, 2024

Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo. This issue affects Sumo: from n/a...
Low | Unreviewed | CVE-2024-31265 was published Apr 12, 2024

Mattermost Jira Plugin vulnerable to Cross-Site Request Forgery
Low | CVE-2024-23319 was published for github.com/mattermost/mattermost-plugin-jira (Go) Feb 9, 2024

The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Low | Unreviewed | CVE-2023-7048 was published Jan 11, 2024

Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an...
Low | Unreviewed | CVE-2023-6251 was published Nov 24, 2023

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
Low | Unreviewed | CVE-2023-5898 was published Nov 1, 2023

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
Low | Unreviewed | CVE-2023-5899 was published Nov 1, 2023

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
Low | Unreviewed | CVE-2023-5893 was published Nov 1, 2023

Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785...
Low | Unreviewed | CVE-2023-43295 was published Oct 31, 2023

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16.
Low | Unreviewed | CVE-2023-5626 was published Oct 18, 2023

Sensitive information manipulation due to cross-site request forgery. The following products are...
Low | Unreviewed | CVE-2023-44161 was published Sep 27, 2023

Sensitive information manipulation due to cross-site request forgery. The following products are...
Low | Unreviewed | CVE-2023-44160 was published Sep 27, 2023

CSRF vulnerability in Jenkins Frugal Testing Plugin
Low | CVE-2023-41946 was published for io.jenkins.plugins:frugal-testing (Maven) Sep 6, 2023

Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote...
Low | Unreviewed | CVE-2023-39061 was published Aug 21, 2023

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by...
Low | Unreviewed | CVE-2023-3209 was published Jul 10, 2023

CSRF vulnerability in Synopsys Jenkins Coverity Plugin
Low | CVE-2023-23847 was published for org.jenkins-ci.plugins:synopsys-coverity (Maven) Feb 15, 2023

The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which...
Low | Unreviewed | CVE-2022-4309 was published Jan 16, 2023

The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF...
Low | Unreviewed | CVE-2022-4102 was published Jan 10, 2023

Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the...
Low | Unreviewed | CVE-2022-45228 was published Dec 12, 2022

A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version:...
Low | Unreviewed | CVE-2020-23587 was published Nov 23, 2022

Tailscale daemon is vulnerable to information disclosure via CSRF
Low | CVE-2022-41925 was published for tailscale.com/cmd (Go) Nov 21, 2022

A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET...
Low | Unreviewed | CVE-2022-30694 was published Nov 8, 2022

A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and...
Low | Unreviewed | CVE-2022-3582 was published Oct 18, 2022

CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
Low | CVE-2022-31000 was published for solidus_backend (RubyGems) Jun 1, 2022

ProTip! Advisories are also available from the GraphQL API.