Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,653
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,938
npm
3,471
NuGet
603
pip
2,985
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Firebase vulnerable to CRSF attack Low
CVE-2024-4128 was published for firebase-tools (npm) May 2, 2024
A potential security vulnerability has been identified in Hewlett Packard Enterprise... Low Unreviewed
CVE-2024-22438 was published Apr 15, 2024
Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo.This issue affects Sumo: from n/a... Low Unreviewed
CVE-2024-31265 was published Apr 12, 2024
Mattermost Jira Plugin vulnerable to Cross-Site Request Forgery Low
CVE-2024-23319 was published for github.com/mattermost/mattermost-plugin-jira (Go) Feb 9, 2024
The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Low Unreviewed
CVE-2023-7048 was published Jan 11, 2024
Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an... Low Unreviewed
CVE-2023-6251 was published Nov 24, 2023
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Low Unreviewed
CVE-2023-5898 was published Nov 1, 2023
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Low Unreviewed
CVE-2023-5899 was published Nov 1, 2023
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Low Unreviewed
CVE-2023-5893 was published Nov 1, 2023
Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785... Low Unreviewed
CVE-2023-43295 was published Oct 31, 2023
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16. Low Unreviewed
CVE-2023-5626 was published Oct 18, 2023
Sensitive information manipulation due to cross-site request forgery. The following products are... Low Unreviewed
CVE-2023-44161 was published Sep 27, 2023
Sensitive information manipulation due to cross-site request forgery. The following products are... Low Unreviewed
CVE-2023-44160 was published Sep 27, 2023
CSRF vulnerability in Jenkins Frugal Testing Plugin Low
CVE-2023-41946 was published for io.jenkins.plugins:frugal-testing (Maven) Sep 6, 2023
Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote... Low Unreviewed
CVE-2023-39061 was published Aug 21, 2023
The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by... Low Unreviewed
CVE-2023-3209 was published Jul 10, 2023
CSRF vulnerability in Synopsys Jenkins Coverity Plugin Low
CVE-2023-23847 was published for org.jenkins-ci.plugins:synopsys-coverity (Maven) Feb 15, 2023
The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which... Low Unreviewed
CVE-2022-4309 was published Jan 16, 2023
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF... Low Unreviewed
CVE-2022-4102 was published Jan 10, 2023
Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the... Low Unreviewed
CVE-2022-45228 was published Dec 12, 2022
A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version:... Low Unreviewed
CVE-2020-23587 was published Nov 23, 2022
Tailscale daemon is vulnerable to information disclosure via CSRF Low
CVE-2022-41925 was published for tailscale.com/cmd (Go) Nov 21, 2022
emilytrau JJJollyjim
A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET... Low Unreviewed
CVE-2022-30694 was published Nov 8, 2022
A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and... Low Unreviewed
CVE-2022-3582 was published Oct 18, 2022
CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend Low
CVE-2022-31000 was published for solidus_backend (RubyGems) Jun 1, 2022
ProTip! Advisories are also available from the GraphQL API