Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

91 advisories

Loading
Codiad CSRF Vulnerability High
CVE-2020-14043 was published for codiad/codiad (Composer) May 24, 2022
Bagisto CSRF Vulnerability High
CVE-2019-14933 was published for bagisto/bagisto (Composer) May 24, 2022
Gleez CMS CSRF Allows Adding of Administrator Accounts High
CVE-2018-15845 was published for gleez/cms (Composer) May 14, 2022
ViMbAdmin CSRF Vulnerabilities High
CVE-2017-6086 was published for opensolutions/vimbadmin (Composer) May 17, 2022
PyroCMS Vulnerable to CSRF High
CVE-2020-25263 was published for pyrocms/pyrocms (Composer) May 24, 2022
Contao CSRF Token Bypass High
CVE-2019-10642 was published for contao/contao (Composer) May 14, 2022
Moodle vulnerable to Cross-site Request Forgery High
CVE-2023-28335 was published for moodle/moodle (Composer) Mar 23, 2023
Drupal Cross-Site Request Forgery (CSRF) High
CVE-2017-6379 was published for drupal/core (Composer) May 17, 2022
Dolibarr Cross Site Request Forgery (CSRF) High
CVE-2019-1010054 was published for dolibarr/dolibarr (Composer) May 24, 2022
Dolibarr Cross-Site Request Forgery (CSRF) High
CVE-2019-15062 was published for dolibarr/dolibarr (Composer) May 24, 2022
eZ Platform CSRF token in login form is disabled by default High
GHSA-45qm-j4m9-whv9 was published for ezsystems/ezplatform (Composer) May 15, 2024
Wikimedia MediaWiki allows CSRF High
CVE-2019-12466 was published for mediawiki/core (Composer) May 24, 2022
silverstripe/graphql Cross-Site Request Forgery vulnerability High
GHSA-wjg9-v8cf-f5q2 was published for silverstripe/graphql (Composer) May 28, 2024
Zend-HTTP URL Rewrite vulnerability High
GHSA-cg8w-5jrc-675g was published for zendframework/zend-http (Composer) Jun 7, 2024
Zend-Feed URL Rewrite vulnerability High
GHSA-jmmp-vh96-78rm was published for zendframework/zend-feed (Composer) Jun 7, 2024
Zend-Navigation vulnerable to Cross-site Scripting High
GHSA-6v7p-5qcq-268c was published for zendframework/zend-navigation (Composer) Jun 7, 2024
ProTip! Advisories are also available from the GraphQL API