GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
304 advisories
Cross-Site Request Forgery in forkcms
High
CVE-2020-23264 was published for forkcms/forkcms (Composer) Jun 22, 2021

Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server
High
CVE-2021-39133 was published for org.rundeck:rundeck-core (Maven) Sep 1, 2021

Cross-Site Request Forgery in GilaCMS
High
CVE-2020-20693 was published for gilacms/gila (Composer) Sep 30, 2021

Cross-Site Request Forgery in PiranhaCMS
High
CVE-2021-25976 was published for Piranha (NuGet) Nov 17, 2021

Cross Site Request Forgery in kindeditor
High
CVE-2021-42228 was published for kindeditor (npm) Oct 18, 2021

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
High
CVE-2021-4017 was published for showdoc/showdoc (Composer) Dec 3, 2021

usememos/memos Cross-Site Request Forgery vulnerability
High
CVE-2022-4844 was published for github.com/usememos/memos (Go) Dec 29, 2022

Cross-Site Request Forgery in hawtio
High
CVE-2017-7556 was published for io.hawt:project (Maven) May 13, 2022

springframework-social Cross-Site Request Forgery vulnerability
High
CVE-2015-5258 was published for org.springframework.social:spring-social-core (Maven) May 13, 2022

Jenkins Favorite Plugin vulnerable to Cross-Site Request Forgery
High
CVE-2017-1000244 was published for org.jvnet.hudson.plugins:favorite (Maven) May 14, 2022

Apache Archiva vulnerable to Cross Site Request Forgery
High
CVE-2017-5657 was published for org.apache.archiva:archiva (Maven) May 14, 2022

Apache OpenMeetings vulnerable to Cross-Site Request Forgery
High
CVE-2017-7666 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 17, 2022

Jenkins Alauda DevOps Pipeline Plugin vulnerable to cross-site request forgery
High
CVE-2019-16573 was published for com.alauda.jenkins.plugins:alauda-devops-pipeline (Maven) May 24, 2022

CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials
High
CVE-2022-27210 was published for org.jenkins-ci.plugins:kubernetes-cd (Maven) Mar 16, 2022

Togglz console missing cross-site request forgery (CSRF) protection
High
CVE-2020-28191 was published for org.togglz:togglz-console (Maven) Jul 15, 2022

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
High
CVE-2021-4131 was published for remdex/livehelperchat (Composer) Jan 5, 2022

calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)
High
CVE-2021-4164 was published for calibreweb (pip) Jan 21, 2022

Cross-Site Request Forgery in yetiforce
High
CVE-2022-0269 was published for yetiforce/yetiforce-crm (Composer) Jan 27, 2022

Cross-Site Request Forgery (CSRF) allowing to delete or rename tags
High
CVE-2022-41927 was published for org.xwiki.platform:xwiki-platform-tag-ui (Maven) Nov 21, 2022

Cross-Site Request Forgery in xwiki-platform
High
CVE-2021-32732 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Feb 10, 2022

Cross Site Request Forgery in concrete5/concrete5
High
CVE-2021-22954 was published for concrete5/concrete5 (Composer) Feb 11, 2022

Cross-Site Request Forgery in Magnolia CMS
High
CVE-2021-46366 was published for info.magnolia:magnolia-core (Maven) Feb 12, 2022

Cross Site Request Forgery in Apache JSPWiki
High
CVE-2022-24947 was published for org.apache.jspwiki:jspwiki-main (Maven) Feb 26, 2022

Cross Site Request Forgery in intelliants/subrion
High
CVE-2020-18326 was published for intelliants/subrion (Composer) Mar 5, 2022

Cross-site request forgery vulnerability in Jenkins BearyChat Plugin
High
CVE-2023-24458 was published for org.jenkins-ci.plugins:bearychat (Maven) Jan 26, 2023

ProTip! Advisories are also available from the GraphQL API.