
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

304 advisories

Cross-Site Request Forgery in forkcms High
CVE-2020-23264 was published for forkcms/forkcms (Composer) Jun 22, 2021
Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server High
CVE-2021-39133 was published for org.rundeck:rundeck-core (Maven) Sep 1, 2021
Cross-Site Request Forgery in GilaCMS High
CVE-2020-20693 was published for gilacms/gila (Composer) Sep 30, 2021
Cross-Site Request Forgery in PiranhaCMS High
CVE-2021-25976 was published for Piranha (NuGet) Nov 17, 2021
Cross Site Request Forgery in kindeditor High
CVE-2021-42228 was published for kindeditor (npm) Oct 18, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2021-4017 was published for showdoc/showdoc (Composer) Dec 3, 2021
usememos/memos Cross-Site Request Forgery vulnerability High
CVE-2022-4844 was published for github.com/usememos/memos (Go) Dec 29, 2022
Cross-Site Request Forgery in hawtio High
CVE-2017-7556 was published for io.hawt:project (Maven) May 13, 2022
springframework-social Cross-Site Request Forgery vulnerability High
CVE-2015-5258 was published for org.springframework.social:spring-social-core (Maven) May 13, 2022
Jenkins Favorite Plugin vulnerable to Cross-Site Request Forgery High
CVE-2017-1000244 was published for org.jvnet.hudson.plugins:favorite (Maven) May 14, 2022
Apache Archiva vulnerable to Cross Site Request Forgery High
CVE-2017-5657 was published for org.apache.archiva:archiva (Maven) May 14, 2022
Apache OpenMeetings vulnerable to Cross-Site Request Forgery High
CVE-2017-7666 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 17, 2022
Jenkins Alauda DevOps Pipeline Plugin vulnerable to cross-site request forgery High
CVE-2019-16573 was published for com.alauda.jenkins.plugins:alauda-devops-pipeline (Maven) May 24, 2022
CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials High
CVE-2022-27210 was published for org.jenkins-ci.plugins:kubernetes-cd (Maven) Mar 16, 2022
Togglz console missing cross-site request forgery (CSRF) protection High
CVE-2020-28191 was published for org.togglz:togglz-console (Maven) Jul 15, 2022
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2021-4131 was published for remdex/livehelperchat (Composer) Jan 5, 2022
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2021-4164 was published for calibreweb (pip) Jan 21, 2022
Cross-Site Request Forgery in yetiforce High
CVE-2022-0269 was published for yetiforce/yetiforce-crm (Composer) Jan 27, 2022
Cross-Site Request Forgery (CSRF) allowing to delete or rename tags High
CVE-2022-41927 was published for org.xwiki.platform:xwiki-platform-tag-ui (Maven) Nov 21, 2022
Cross-Site Request Forgery in xwiki-platform High
CVE-2021-32732 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Feb 10, 2022
Cross Site Request Forgery in concrete5/concrete5 High
CVE-2021-22954 was published for concrete5/concrete5 (Composer) Feb 11, 2022
Cross-Site Request Forgery in Magnolia CMS High
CVE-2021-46366 was published for info.magnolia:magnolia-core (Maven) Feb 12, 2022
Cross Site Request Forgery in Apache JSPWiki High
CVE-2022-24947 was published for org.apache.jspwiki:jspwiki-main (Maven) Feb 26, 2022
Cross Site Request Forgery in intelliants/subrion High
CVE-2020-18326 was published for intelliants/subrion (Composer) Mar 5, 2022
Cross-site request forgery vulnerability in Jenkins BearyChat Plugin High
CVE-2023-24458 was published for org.jenkins-ci.plugins:bearychat (Maven) Jan 26, 2023