GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,274 advisories
Filter by severity
The URL Shortify WordPress plugin before 1.5.1 does not have CSRF check in place when bulk...
Moderate
Unreviewed
CVE-2021-24749
was published
Nov 30, 2021
The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the...
Moderate
Unreviewed
CVE-2021-24703
was published
Nov 24, 2021
Cross-site Scripting in kimai2
Moderate
CVE-2021-3976
was published
for
kevinpapst/kimai2
(Composer)
Nov 23, 2021
Cross-site Scripting in kimai2
Moderate
CVE-2021-3963
was published
for
kevinpapst/kimai2
(Composer)
Nov 23, 2021
Cross-site Scripting in kimai2
Moderate
CVE-2021-3957
was published
for
kevinpapst/kimai2
(Composer)
Nov 23, 2021
The disqualify lead action may be executed without CSRF token check
Moderate
CVE-2021-39198
was published
for
oro/crm
(Composer)
Nov 19, 2021
Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys
Moderate
CVE-2021-41273
was published
for
pterodactyl/panel
(Composer)
Nov 18, 2021
twill is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3932
was published
for
area17/twill
(Composer)
Nov 15, 2021
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3931
was published
for
snipe/snipe-it
(Composer)
Nov 15, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3921
was published
for
grumpydictator/firefly-iii
(Composer)
Nov 15, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3775
was published
for
showdoc/showdoc
(Composer)
Nov 15, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3683
was published
for
showdoc/showdoc
(Composer)
Nov 15, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3776
was published
for
showdoc/showdoc
(Composer)
Nov 15, 2021
Request injection in Spring Cloud Gateway
Moderate
CVE-2021-22051
was published
for
org.springframework.cloud:spring-cloud-gateway
(Maven)
Nov 10, 2021
Cross-Site Request Forgery in firefly-iii
Moderate
CVE-2021-3900
was published
for
grumpydictator/firefly-iii
(Composer)
Oct 28, 2021
Cross-Site Request Forgery in snipe-it
Moderate
CVE-2021-3858
was published
for
snipe/snipe-it
(Composer)
Oct 21, 2021
Cross-Site Request Forgery in firefly-iii
Moderate
CVE-2021-3819
was published
for
grumpydictator/firefly-iii
(Composer)
Sep 29, 2021
Older releases of better_errors open to Cross-Site Request Forgery attack
Moderate
CVE-2021-39197
was published
for
better_errors
(RubyGems)
Sep 7, 2021
Cross-site Request Forgery (CSRF) in joplin
Moderate
CVE-2021-23431
was published
for
joplin
(npm)
Sep 2, 2021
Improper Restriction of Rendered UI Layers or Frames in yourls
Moderate
CVE-2021-3734
was published
for
yourls/yourls
(Composer)
Aug 30, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3728
was published
for
grumpydictator/firefly-iii
(Composer)
Aug 25, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3730
was published
for
grumpydictator/firefly-iii
(Composer)
Aug 25, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3729
was published
for
grumpydictator/firefly-iii
(Composer)
Aug 25, 2021
No CSRF protection on the password change form
Moderate
CVE-2021-32730
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Jul 2, 2021
Cross-Site Request Forgery in the Jenkins Claim plugin
Moderate
CVE-2021-21620
was published
for
org.jenkins-ci.plugins:claim
(Maven)
Jun 16, 2021
ProTip!
Advisories are also available from the
GraphQL API