Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,032
Erlang
29
GitHub Actions
18
Go
1,838
Maven
5,000+
npm
3,577
NuGet
634
pip
3,162
Pub
10
RubyGems
849
Rust
800
Swift
34
Unreviewed advisories
All unreviewed
5,000+

102 advisories

Loading
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3993 was published for showdoc/showdoc (Composer) Dec 3, 2021
Cross-Site Request Forgery in kimai2 Moderate
CVE-2021-4033 was published for kevinpapst/kimai2 (Composer) Dec 10, 2021
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4092 was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021
pimcore is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4082 was published for pimcore/pimcore (Composer) Dec 16, 2021
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4123 was published for remdex/livehelperchat (Composer) Dec 17, 2021
Froxlor vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-4867 was published for froxlor/froxlor (Composer) Dec 31, 2022
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4168 was published for showdoc/showdoc (Composer) Jan 6, 2022
Cross-Site Request Forgery in Moodle Moderate
CVE-2020-1692 was published for moodle/moodle (Composer) Jan 6, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat Moderate
CVE-2022-0245 was published for livehelperchat/livehelperchat (Composer) Jan 21, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat Moderate
CVE-2022-0231 was published for remdex/livehelperchat (Composer) Jan 26, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat Moderate
CVE-2022-0226 was published for remdex/livehelperchat (Composer) Jan 26, 2022
Cross-Site Request Forgery in microweber Moderate
CVE-2022-0505 was published for microweber/microweber (Composer) Feb 9, 2022
Cross-Site Request Forgery microweber Moderate
CVE-2022-0638 was published for microweber/microweber (Composer) Feb 18, 2022
Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4 Moderate
CVE-2022-24712 was published for codeigniter4/framework (Composer) Mar 1, 2022
magento-lts Reset Password not protected against well-timed CSRF Moderate
CVE-2021-21395 was published for openmage/magento-lts (Composer) Jan 26, 2023
Cross-Site Request Forgery (CSRF) in wallabag/wallabag Moderate
CVE-2023-0735 was published for wallabag/wallabag (Composer) Feb 8, 2023
Possible CSRF token fixation Moderate
CVE-2023-25170 was published for prestashop/prestashop (Composer) Mar 13, 2023
Cross-Site Request Forgery in Drupal core Moderate
CVE-2020-13674 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607
Microweber before v1.2.20 vulnerable to cross-site scripting Moderate
CVE-2022-2353 was published for microweber/microweber (Composer) Jul 10, 2022
Cross-Site Request Forgery in feehi/feehicms Moderate
CVE-2022-4014 was published for feehi/feehicms (Composer) Nov 16, 2022
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3728 was published for grumpydictator/firefly-iii (Composer) Aug 25, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3729 was published for grumpydictator/firefly-iii (Composer) Aug 25, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3730 was published for grumpydictator/firefly-iii (Composer) Aug 25, 2021
CSRF in PHP Server Monitor before 3.3.2 Moderate
CVE-2018-18921 was published for phpservermon/phpservermon (Composer) May 14, 2022
phpMyAdmin CSRF Vulnerability Moderate
CVE-2019-12616 was published for phpmyadmin/phpmyadmin (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API