GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,990
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,133
Pub
10
RubyGems
838
Rust
793
Swift
34
Unreviewed advisories
All unreviewed
5,000+
93 advisories
Filter by severity
Yii Framework Cross-Site Request Forgery (CSRF)
High
CVE-2018-6009
was published
for
yiisoft/yii2
(Composer)
May 14, 2022
QuickAppsCMS Cross-Site Request Forgery (CSRF)
High
CVE-2018-9108
was published
for
quickapps/cms
(Composer)
May 14, 2022
phpMyAdmin CSRF vulnerability allowing arbitrary SQL execution
High
CVE-2018-10188
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
OpenCart Cross-Site Request Forgery (CSRF)
High
CVE-2018-13067
was published
for
opencart/opencart
(Composer)
May 14, 2022
CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter
High
CVE-2015-8379
was published
for
cakephp/cakephp
(Composer)
May 14, 2022
Pimcore CSRF Vulnerability
High
CVE-2018-14057
was published
for
pimcore/pimcore
(Composer)
May 14, 2022
Gleez CMS CSRF Allows Adding of Administrator Accounts
High
CVE-2018-15845
was published
for
gleez/cms
(Composer)
May 14, 2022
Elefant CMS CSRF Vulnerability
High
CVE-2018-16387
was published
for
elefant/cms
(Composer)
May 14, 2022
Subrion CMS CSRF Vulnerability
High
CVE-2017-15063
was published
for
intelliants/subrion
(Composer)
May 14, 2022
QuickAppsCMS Cross-Site Request Forgery (CSRF)
High
CVE-2018-17102
was published
for
quickapps/cms
(Composer)
May 14, 2022
Zenario CMS vulnerable to CSRF
High
CVE-2018-18420
was published
for
tribalsystems/zenario
(Composer)
May 14, 2022
Subrion CMS vulnerable to CSRF in admin/blocks/add
High
CVE-2017-6068
was published
for
intelliants/subrion
(Composer)
May 14, 2022
Symfony CSRF Token Fixation
High
CVE-2018-11406
was published
for
symfony/security
(Composer)
May 14, 2022
Subrion CMS vulnerable to CSRF in blog/delete
High
CVE-2017-18366
was published
for
intelliants/subrion
(Composer)
May 14, 2022
Contao CSRF Token Bypass
High
CVE-2019-10642
was published
for
contao/contao
(Composer)
May 14, 2022
phpMyAdmin CSRF Vulnerability
High
CVE-2018-19969
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
phpMyAdmin CSRF Vulnerability
High
CVE-2017-1000499
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
Moodle Login CSRF vulnerability in login form
High
CVE-2018-16854
was published
for
moodle/moodle
(Composer)
May 13, 2022
CSRF in baserCMS 3.0.10 and earlier
High
CVE-2016-4879
was published
for
baserproject/basercms
(Composer)
May 13, 2022
WPGlobus plugin Stored XSS & CSRF security vulnerability
High
CVE-2018-5361
was published
for
wpglobus/wpglobus
(Composer)
May 13, 2022
Moodle multiple cross-site request forgery (CSRF) vulnerabilities
High
CVE-2015-5338
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Cross-site request forgery (CSRF) vulnerability
High
CVE-2016-3734
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site request forgery (CSRF) vulnerability
High
CVE-2016-2157
was published
for
moodle/moodle
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API