GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,765
Maven
4,990
npm
3,536
NuGet
616
pip
3,105
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
92 advisories
Filter by severity
Elefant CMS CSRF Vulnerability
High
CVE-2018-16387
was published
for
elefant/cms
(Composer)
May 14, 2022
Moodle CSRF Vulnerability
High
CVE-2019-10186
was published
for
moodle/moodle
(Composer)
May 24, 2022
phpMyAdmin CSRF Vulnerability
High
CVE-2017-1000499
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
Cross Site Request Forgery in Moodle
High
CVE-2022-0335
was published
for
moodle/moodle
(Composer)
Jan 28, 2022
Subrion CMS CSRF Vulnerability
High
CVE-2017-15063
was published
for
intelliants/subrion
(Composer)
May 14, 2022
Pagekit File Upload vulnerability
High
CVE-2019-19013
was published
for
pagekit/pagekit
(Composer)
May 24, 2022
Subrion CMS CSRF Vulnerability
High
CVE-2019-7357
was published
for
intelliants/subrion
(Composer)
May 24, 2022
Subrion CMS CSRF Vulnerability
High
CVE-2018-21037
was published
for
intelliants/subrion
(Composer)
May 24, 2022
Subrion CMS vulnerable to CSRF in admin/blocks/add
High
CVE-2017-6068
was published
for
intelliants/subrion
(Composer)
May 14, 2022
Subrion CMS vulnerable to CSRF in blog/delete
High
CVE-2017-18366
was published
for
intelliants/subrion
(Composer)
May 14, 2022
Cockpit CMS Cross-Site Request Forgery vulnerability
High
CVE-2023-37650
was published
for
cockpit-hq/cockpit
(Composer)
Jul 20, 2023
GilaCMS Cross Site Request Forgery vulnerability
High
CVE-2020-20726
was published
for
gilacms/gila
(Composer)
Jun 20, 2023
Cross-Site Request Forgery (CSRF) in snipe/snipe-it
High
CVE-2023-5511
was published
for
snipe/snipe-it
(Composer)
Oct 11, 2023
WooCommerce Cross-Site Request Forgery (CSRF)
High
CVE-2019-20891
was published
for
woocommerce/woocommerce
(Composer)
May 24, 2022
Cross Site Request Forgery in SwiftyEdit
High
CVE-2023-47350
was published
for
swiftyedit/swiftyedit
(Composer)
Nov 22, 2023
Moodle Cross-site request forgery (CSRF) vulnerability
High
CVE-2016-3734
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle multiple cross-site request forgery (CSRF) vulnerabilities
High
CVE-2015-5338
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site request forgery (CSRF) vulnerability
High
CVE-2016-2157
was published
for
moodle/moodle
(Composer)
May 13, 2022
Magento 2 Community Edition RCE Vulnerability via CSRF
High
CVE-2019-8109
was published
for
magento/community-edition
(Composer)
May 24, 2022
Backend Same-Site Request Forgery in TYPO3 CMS
High
CVE-2020-11069
was published
for
typo3/cms
(Composer)
May 13, 2020
Cross-Site-Request-Forgery in Backend
High
CVE-2021-41113
was published
for
typo3/cms
(Composer)
Oct 5, 2021
Drupal Core Cross-Site Request Forgery (CSRF) vulnerability
High
CVE-2020-13663
was published
for
drupal/core
(Composer)
May 24, 2022
Silverstripe CSRF Protection Bypass via GraphQL
High
CVE-2019-12437
was published
for
silverstripe/graphql
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API