GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,274 advisories
Cross-Site Request Forgery (CSRF) • Moderate • GHSA-wj5j-xpcj-45gc was published for devise_invitable (RubyGems) • Feb 24, 2021 • withdrawn
CSRF and DNS Rebinding in Oasis • Moderate • CVE-2020-11003 was published for @fraction/oasis (npm) • Apr 16, 2020
Sensitive information exposure through logs in npm-registry-fetch • Moderate • GHSA-jmqm-f2gx-4fjv was published for npm-registry-fetch (npm) • Jul 7, 2020
CSRF Vulnerability in polaris-website • Moderate • GHSA-whrh-9j4q-g7ph was published for polaris-website (npm) • Aug 5, 2020
CSRF in Play Framework • Moderate • CVE-2020-12480 was published for com.typesafe.play:play_2.12 (Maven) • Aug 18, 2020
CSRF vulnerability in save-server • Moderate • CVE-2020-15135 was published for save-server (npm) • Aug 4, 2020
XSS due to lack of CSRF validation for replying/publishing • Moderate • CVE-2020-15156 was published for nodebb-plugin-blog-comments (npm) • Aug 26, 2020
CSRF Vulnerability in jquery-ujs • Moderate • GHSA-6qqj-rx4w-r3cj was published for jquery-ujs (npm) • Aug 31, 2020
kube-httpcache is vulnerable to Cross-Site Request Forgery (CSRF) • Moderate • GHSA-47xh-qxqv-mgvg was published for github.com/mittwald/kube-httpcache (Go) • Dec 2, 2022
CakePHP has incorrect Cross-Site Request Forgery validation • Moderate • GHSA-829q-v5g8-hhxc was published for cakephp/cakephp (Composer) • Jan 20, 2023
Modoboa is vulnerable to Cross-Site Request Forgery • Moderate • CVE-2023-0398 was published for modoboa (pip) • Jan 19, 2023
Fat Free CRM contains Cross-site Request Forgery vulnerabilities • Moderate • CVE-2013-7223 was published for fat_free_crm (RubyGems) • May 17, 2022
Cross-Site Request Forgery in modoboa • Moderate • CVE-2023-0438 was published for modoboa (pip) • Jan 23, 2023
The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions... • Moderate • Unreviewed • CVE-2023-0403 was published • Jan 19, 2023
Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin • Moderate • CVE-2023-24437 was published for org.jenkins-ci.plugins:jira-steps (Maven) • Jan 26, 2023
CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials • Moderate • CVE-2022-25212 was published for org.continuousassurance.swamp.jenkins:swamp (Maven) • Feb 16, 2022
Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs,... • Moderate • Unreviewed • CVE-2022-26101 was published • Mar 11, 2022
Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration screen in wp... • Moderate • Unreviewed • CVE-2011-0760 was published • May 17, 2022
Cross-site request forgery (CSRF) vulnerability in news/admin.php in N-13 News 3.4, 3.7, and 4.0... • Moderate • Unreviewed • CVE-2011-0642 was published • May 17, 2022
Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1... • Moderate • Unreviewed • CVE-2011-0629 was published • May 17, 2022
Cross-site request forgery (CSRF) vulnerability in admin/conf_users_edit.php in PHP Link... • Moderate • Unreviewed • CVE-2011-0643 was published • May 17, 2022
Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3... • Moderate • Unreviewed • CVE-2011-0440 was published • May 17, 2022
Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard)... • Moderate • Unreviewed • CVE-2010-4627 was published • May 17, 2022
Predictable CSRF tokens in centreon/centreon • Moderate • CVE-2021-28055 was published for centreon/centreon (Composer) • Jun 8, 2021
The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting... • Moderate • Unreviewed • CVE-2022-0616 was published • Mar 22, 2022
ProTip! Advisories are also available from the GraphQL API.