GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
303 advisories
Cross-Site Request Forgery in Anchor CMS
High • CVE-2024-29499 was published for anchorcms/anchor-cms (Composer) • Mar 22, 2024
Cross-Site Request Forgery (CSRF) in Apache Airflow
High • CVE-2017-17835 was published for apache-airflow (pip) • Jan 25, 2019
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing
High • CVE-2024-28233 was published for jupyterhub (pip) • Mar 28, 2024
Aim Cross-Site Request Forgery vulnerability allows user to delete runs and perform other operations
High • CVE-2024-2196 was published for aim (pip) • Apr 10, 2024
High severity vulnerability that affects io.vertx:vertx-web
High • CVE-2018-12540 was published for io.vertx:vertx-web (Maven) • Oct 17, 2018
Dolibarr vulnerable to Cross-Site Request Forgery
High • CVE-2024-31503 was published for dolibarr/dolibarr (Composer) • Apr 17, 2024
ESPHome vulnerable to Authentication bypass via Cross site request forgery
High • CVE-2024-29019 was published for esphome (pip) • Mar 21, 2024
CSRF token missing in Symfony
High • CVE-2022-23601 was published for symfony/framework-bundle (Composer) • Feb 1, 2022
QuickAppsCMS Cross-Site Request Forgery (CSRF)
High • CVE-2018-17102 was published for quickapps/cms (Composer) • May 14, 2022
QuickAppsCMS Cross-Site Request Forgery (CSRF)
High • CVE-2018-9108 was published for quickapps/cms (Composer) • May 14, 2022
OpenCart Cross-Site Request Forgery (CSRF)
High • CVE-2018-13067 was published for opencart/opencart (Composer) • May 14, 2022
Mautic Cross-Site Request Forgery (CSRF)
High • CVE-2017-8874 was published for mautic/core (Composer) • May 13, 2022
Bolt Cross Site Request Forgery (CSRF)
High • CVE-2019-10874 was published for bolt/bolt (Composer) • May 13, 2022
Moodle Login CSRF vulnerability in login form
High • CVE-2018-16854 was published for moodle/moodle (Composer) • May 13, 2022
Moodle Cross-Site Request Forgery (CSRF)
High • CVE-2022-2986 was published for moodle/moodle (Composer) • Oct 6, 2022
phpMyAdmin CSRF vulnerability allowing arbitrary SQL execution
High • CVE-2018-10188 was published for phpmyadmin/phpmyadmin (Composer) • May 14, 2022
Image Resizer Cross-Site Request Forgery (CSRF)
High • CVE-2020-13458 was published for verbb/image-resizer (Composer) • May 24, 2022
phpBB Cross-Site Request Forgery (CSRF)
High • CVE-2019-16993 was published for phpbb/phpbb (Composer) • May 24, 2022
WPGlobus plugin Stored XSS & CSRF security vulnerability
High • CVE-2018-5361 was published for wpglobus/wpglobus (Composer) • May 13, 2022
Yii Framework Cross-Site Request Forgery (CSRF)
High • CVE-2018-6009 was published for yiisoft/yii2 (Composer) • May 14, 2022
NukeViet Cross-Site Request Forgery (CSRF)
High • CVE-2020-13155 was published for nukeviet/nukeviet (Composer) • May 24, 2022
Grav CMS Cross-Site Request Forgery (CSRF)
High • CVE-2020-29553 was published for getgrav/grav (Composer) • May 24, 2022
ThinkCMF Cross Site Request Forgery (CSRF) vulnerability
High • CVE-2022-40489 was published for thinkcmf/thinkcmf (Composer) • Dec 1, 2022
Duplicate Advisory: Cross-Site Request Forgery in easyii CMS
High • CVE-2022-3772 was published for noumo/easyii (Composer) • Oct 31, 2022 • withdrawn
Subrion CMS Cross-Site Request Forgery (CSRF) vulnerability
High • CVE-2019-20390 was published for intelliants/subrion (Composer) • May 24, 2022