Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,360 advisories

Loading
Cross-Site Request Forgery (CSRF) Moderate
GHSA-wj5j-xpcj-45gc was published for devise_invitable (RubyGems) Feb 24, 2021 withdrawn
CSRF and DNS Rebinding in Oasis Moderate
CVE-2020-11003 was published for @fraction/oasis (npm) Apr 16, 2020
christianbundy zozs
Sensitive information exposure through logs in npm-registry-fetch Moderate
GHSA-jmqm-f2gx-4fjv was published for npm-registry-fetch (npm) Jul 7, 2020
CSRF Vulnerability in polaris-website Moderate
GHSA-whrh-9j4q-g7ph was published for polaris-website (npm) Aug 5, 2020
CSRF vulnerability in save-server Moderate
CVE-2020-15135 was published for save-server (npm) Aug 4, 2020
CSRF in Play Framework Moderate
CVE-2020-12480 was published for com.typesafe.play:play_2.12 (Maven) Aug 18, 2020
XSS due to lack of CSRF validation for replying/publishing Moderate
CVE-2020-15156 was published for nodebb-plugin-blog-comments (npm) Aug 26, 2020
gwynnarth
CSRF Vulnerability in jquery-ujs Moderate
GHSA-6qqj-rx4w-r3cj was published for jquery-ujs (npm) Aug 31, 2020
kube-httpcache is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
GHSA-47xh-qxqv-mgvg was published for github.com/mittwald/kube-httpcache (Go) Dec 2, 2022
kbcasagrande
CakePHP has incorrect Cross-Site Request Forgery validation Moderate
GHSA-829q-v5g8-hhxc was published for cakephp/cakephp (Composer) Jan 20, 2023
Fat Free CRM contains Cross-site Request Forgery vulnerablilities Moderate
CVE-2013-7223 was published for fat_free_crm (RubyGems) May 17, 2022
The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions... Moderate Unreviewed
CVE-2023-0403 was published Jan 19, 2023
Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin Moderate
CVE-2023-24437 was published for org.jenkins-ci.plugins:jira-steps (Maven) Jan 26, 2023
CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials Moderate
CVE-2022-25212 was published for org.continuousassurance.swamp.jenkins:swamp (Maven) Feb 16, 2022
NotMyFault
Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs,... Moderate Unreviewed
CVE-2022-26101 was published Mar 11, 2022
Cross-site request forgery (CSRF) vulnerability in news/admin.php in N-13 News 3.4, 3.7, and 4.0... Moderate Unreviewed
CVE-2011-0642 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1... Moderate Unreviewed
CVE-2011-0629 was published May 17, 2022
Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration screen in wp... Moderate Unreviewed
CVE-2011-0760 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in admin/conf_users_edit.php in PHP Link... Moderate Unreviewed
CVE-2011-0643 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3... Moderate Unreviewed
CVE-2011-0440 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard)... Moderate Unreviewed
CVE-2010-4627 was published May 17, 2022
Predictable CSRF tokens in centreon/centreon Moderate
CVE-2021-28055 was published for centreon/centreon (Composer) Jun 8, 2021
The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting... Moderate Unreviewed
CVE-2022-0616 was published Mar 22, 2022
Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4. Moderate Unreviewed
CVE-2022-0515 was published Mar 22, 2022
An issus was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can... Moderate Unreviewed
CVE-2021-43737 was published Mar 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database