GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,655
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
349 advisories
Filter by severity
Cross-Site Request Forgery (CSRF) in strawberry-graphql
Moderate
CVE-2024-47082
was published
for
strawberry-graphql
(pip)
Sep 25, 2024
modoboa Cross-Site Request Forgery vulnerability
Moderate
CVE-2023-5690
was published
for
modoboa
(pip)
Oct 20, 2023
Cross-Site Request Forgery in JupyterHub
Moderate
CVE-2020-36191
was published
for
jupyterhub
(pip)
May 24, 2022
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2024-39410
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2024-39409
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
Magento Open Source Cross-Site Request Forgery vulnerability
Moderate
CVE-2024-39408
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
Lunary Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2024-6862
was published
for
lunary
(npm)
Sep 13, 2024
archivy is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-4162
was published
for
archivy
(pip)
Jan 6, 2022
mongo-express Cross-site Request Forgery vulnerability
Moderate
CVE-2023-52555
was published
for
mongo-express
(npm)
Mar 1, 2024
Mattermost Cross-Site Request Forgery vulnerability
Moderate
CVE-2024-40886
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Hono CSRF middleware can be bypassed using crafted Content-Type header
Moderate
CVE-2024-43787
was published
for
hono
(npm)
Aug 22, 2024
Cross-Site Request Forgery (CSRF) in automad/automad
Moderate
CVE-2023-7038
was published
for
automad/automad
(Composer)
Dec 21, 2023
Cross-Site Request Forgery in Spina
Moderate
CVE-2024-7106
was published
for
spina
(RubyGems)
Jul 25, 2024
ProcessWire Cross Site Request Forgery vulnerability
Moderate
CVE-2024-41597
was published
for
processwire/processwire
(Composer)
Jul 19, 2024
Moodle CSRF risks due to misuse of confirm_sesskey
Moderate
CVE-2024-38276
was published
for
moodle/moodle
(Composer)
Jun 18, 2024
Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability
Moderate
CVE-2023-49673
was published
for
io.jenkins.plugins:neuvector-vulnerability-scanner
(Maven)
Nov 29, 2023
Axios Cross-Site Request Forgery Vulnerability
Moderate
CVE-2023-45857
was published
for
axios
(npm)
Nov 8, 2023
Zend-Diactoros URL Rewrite vulnerability
Moderate
GHSA-fq4p-86hh-42v9
was published
for
zendframework/zend-diactoros
(Composer)
Jun 7, 2024
Zendframework URL Rewrite vulnerability
Moderate
GHSA-fh7r-58q4-6387
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
Moodle Logout CSRF in admin/tool/mfa/auth.php
Moderate
CVE-2024-34007
was published
for
moodle/moodle
(Composer)
May 31, 2024
CSRF vulnerability in Jenkins Nomad Plugin allow SSRF
Moderate
CVE-2019-10292
was published
for
org.jenkins-ci.plugins:kmap-jenkins
(Maven)
May 13, 2022
Sylius Resource Bundle Cross-Site Request Forgery vulnerability
Moderate
GHSA-65v7-wg35-2qpm
was published
for
sylius/resource-bundle
(Composer)
May 29, 2024
Silverstripe Missing CSRF protection in login form
Moderate
GHSA-vj2j-6g3w-4662
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter
Moderate
GHSA-2hpc-mf4q-j885
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Silverstripe Forum Module CSRF Vulnerability
Moderate
GHSA-w8fq-xgvh-cxc2
was published
for
silverstripe/forum
(Composer)
May 23, 2024
ProTip!
Advisories are also available from the
GraphQL API