GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
209 advisories
Filter by severity
CakePHP has incorrect Cross-Site Request Forgery validation
Moderate
GHSA-829q-v5g8-hhxc
was published
for
cakephp/cakephp
(Composer)
Jan 20, 2023
Predictable CSRF tokens in centreon/centreon
Moderate
CVE-2021-28055
was published
for
centreon/centreon
(Composer)
Jun 8, 2021
Cross-Site Request Forgery in Anchor CMS
Moderate
CVE-2022-25576
was published
for
anchorcms/anchor-cms
(Composer)
Mar 26, 2022
Cross-Site Request Forgery in YOURLS
Low
CVE-2022-0088
was published
for
yourls/yourls
(Composer)
Apr 4, 2022
Froxlor vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2022-3017
was published
for
froxlor/froxlor
(Composer)
Aug 29, 2022
Kirby CMS 2.5.12 Cross-site Request Forgery
Moderate
CVE-2018-14519
was published
for
getkirby/cms
(Composer)
Aug 25, 2022
Cross-Site Request Forgery in Elefant CMS
High
CVE-2017-20062
was published
for
elefant/cms
(Composer)
Jun 21, 2022
CSRF issue on preview pages in Bolt CMS
High
CVE-2020-4040
was published
for
bolt/bolt
(Composer)
Jun 9, 2020
Concrete CMS vulnerable to Cross-site Request Forgery
High
CVE-2022-43693
was published
for
concrete5/concrete5
(Composer)
Nov 14, 2022
Malfunction of CSRF token validation in Shopware
High
CVE-2022-24879
was published
for
shopware/shopware
(Composer)
Apr 28, 2022
ProcessWire vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-40488
was published
for
processwire/processwire
(Composer)
Oct 31, 2022
CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter
High
CVE-2015-8379
was published
for
cakephp/cakephp
(Composer)
May 14, 2022
CakePHP allows method override parameters to bypass CSRF checks
High
CVE-2020-35239
was published
for
cakephp/cakephp
(Composer)
May 24, 2022
CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection
Moderate
CVE-2022-35943
was published
for
codeigniter4/shield
(Composer)
Aug 18, 2022
Cross-Site Request Forgery in Moodle
Moderate
CVE-2022-45149
was published
for
moodle/moodle
(Composer)
Nov 23, 2022
Observable Timing Discrepancy in OpenMage LTS
High
CVE-2020-15151
was published
for
openmage/magento-lts
(Composer)
Aug 19, 2020
Cross-Site Request Forgery in ForkCMS
High
CVE-2020-23960
was published
for
forkcms/forkcms
(Composer)
May 6, 2021
Cross-Site Request Forgery in MAGMI
Moderate
CVE-2020-5776
was published
for
dweeves/magmi
(Composer)
May 6, 2021
Cross-Site Request Forgery in forkcms
High
CVE-2020-23264
was published
for
forkcms/forkcms
(Composer)
Jun 22, 2021
Cross-Site Request Forgery in firefly-iii
Moderate
CVE-2021-3819
was published
for
grumpydictator/firefly-iii
(Composer)
Sep 29, 2021
Cross-Site Request Forgery in snipe-it
Moderate
CVE-2021-3858
was published
for
snipe/snipe-it
(Composer)
Oct 21, 2021
Cross-Site Request Forgery in GilaCMS
High
CVE-2020-20693
was published
for
gilacms/gila
(Composer)
Sep 30, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3683
was published
for
showdoc/showdoc
(Composer)
Nov 15, 2021
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3931
was published
for
snipe/snipe-it
(Composer)
Nov 15, 2021
Improper Restriction of Rendered UI Layers or Frames in yourls
Moderate
CVE-2021-3734
was published
for
yourls/yourls
(Composer)
Aug 30, 2021
ProTip!
Advisories are also available from the
GraphQL API