Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

13 advisories

@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state High
CVE-2023-31999 was published for @fastify/oauth2 (npm) Jul 5, 2023
erezarnon panva
mcollina marco-ippolito
SvelteKit framework has Insufficient CSRF protection for CORS requests High
CVE-2023-29008 was published for @sveltejs/kit (npm) Apr 7, 2023
Ry0taK benmccann
dominikg Conduitry
SvelteKit vulnerable to Cross-Site Request Forgery High
CVE-2023-29003 was published for @sveltejs/kit (npm) Apr 4, 2023
v1ktor0t benmccann
Conduitry eltigerchino dominikg
Missing proper state, nonce and PKCE checks for OAuth authentication High
CVE-2023-27490 was published for next-auth (npm) Mar 13, 2023
FINDarkside
NodeBB account takeover via SSO plugins High
CVE-2022-36076 was published for nodebb (npm) Sep 16, 2022
Cross Site Request Forgery in kindeditor High
CVE-2021-42228 was published for kindeditor (npm) Oct 18, 2021
Cross-Site Request Forgery in express-cart High
CVE-2020-22403 was published for express-cart (npm) Aug 30, 2021
Cross-site Request Forgery in fastify-csrf High
CVE-2020-28482 was published for fastify-csrf (npm) Jan 20, 2021
No CSRF Validation in droppy High
CVE-2016-10529 was published for droppy (npm) Feb 18, 2019
Cross-Site Request Forgery (CSRF) in Auth0 High
CVE-2018-6874 was published for auth0-js (npm) Nov 6, 2018
pym.js CSRF Vulnerability High
CVE-2018-1000086 was published for pym.js (npm) Mar 13, 2018
Auth0-js bypasses CSRF checks High
CVE-2018-7307 was published for auth0-js (npm) Mar 7, 2018
Cross-Site Request Forgery (CSRF) in keystone High
CVE-2017-16570 was published for keystone (npm) Nov 30, 2017
ProTip! Advisories are also available from the GraphQL API