GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,985
Erlang
29
GitHub Actions
16
Go
1,771
Maven
4,995
npm
3,541
NuGet
617
pip
3,120
Pub
10
RubyGems
838
Rust
788
Swift
34
Unreviewed advisories
All unreviewed
5,000+
5,756 advisories
Filter by severity
Cross-site Scripting in kimai2
Moderate
CVE-2021-3976
was published
for
kevinpapst/kimai2
(Composer)
Nov 23, 2021
Cross-site Scripting in kimai2
Moderate
CVE-2021-3963
was published
for
kevinpapst/kimai2
(Composer)
Nov 23, 2021
Cross-site Scripting in kimai2
Moderate
CVE-2021-3957
was published
for
kevinpapst/kimai2
(Composer)
Nov 23, 2021
We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0...
High
Unreviewed
CVE-2021-34358
was published
Nov 21, 2021
The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to...
High
Unreviewed
CVE-2021-39353
was published
Nov 20, 2021
Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during...
High
Unreviewed
CVE-2021-44036
was published
Nov 20, 2021
The disqualify lead action may be executed without CSRF token check
Moderate
CVE-2021-39198
was published
for
oro/crm
(Composer)
Nov 19, 2021
Cross-Site Request Forgery (CSRF) vulnerability leading to Database Reset in WordPress WP Reset...
High
Unreviewed
CVE-2021-36908
was published
Nov 19, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-gpqc-4pp7-5954
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-8xfw-5q82-3652
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-6mqr-q86q-6gwr
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
CVE-2021-41275
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-5629-8855-gf4g
was published
for
solidus_core
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
CVE-2021-41274
was published
for
solidus_auth_devise
(RubyGems)
Nov 18, 2021
Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys
Moderate
CVE-2021-41273
was published
for
pterodactyl/panel
(Composer)
Nov 18, 2021
Cross-Site Request Forgery in PiranhaCMS
High
CVE-2021-25976
was published
for
Piranha
(NuGet)
Nov 17, 2021
twill is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3932
was published
for
area17/twill
(Composer)
Nov 15, 2021
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3931
was published
for
snipe/snipe-it
(Composer)
Nov 15, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3921
was published
for
grumpydictator/firefly-iii
(Composer)
Nov 15, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3775
was published
for
showdoc/showdoc
(Composer)
Nov 15, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3683
was published
for
showdoc/showdoc
(Composer)
Nov 15, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3776
was published
for
showdoc/showdoc
(Composer)
Nov 15, 2021
Request injection in Spring Cloud Gateway
Moderate
CVE-2021-22051
was published
for
org.springframework.cloud:spring-cloud-gateway
(Maven)
Nov 10, 2021
Cross-Site Request Forgery in firefly-iii
Moderate
CVE-2021-3900
was published
for
grumpydictator/firefly-iii
(Composer)
Oct 28, 2021
Cross-Site Request Forgery in firefly-iii
Low
CVE-2021-3901
was published
for
grumpydictator/firefly-iii
(Composer)
Oct 28, 2021
ProTip!
Advisories are also available from the
GraphQL API