GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
299 advisories
Zend-Navigation vulnerable to Cross-site Scripting
High • GHSA-6v7p-5qcq-268c was published for zendframework/zend-navigation (Composer) • Jun 7, 2024

Zend-Feed URL Rewrite vulnerability
High • GHSA-jmmp-vh96-78rm was published for zendframework/zend-feed (Composer) • Jun 7, 2024

Zend-HTTP URL Rewrite vulnerability
High • GHSA-cg8w-5jrc-675g was published for zendframework/zend-http (Composer) • Jun 7, 2024

Moodle CSRF risk in admin preset tool management of presets
High • CVE-2024-34001 was published for moodle/moodle (Composer) • May 31, 2024

silverstripe/graphql Cross-Site Request Forgery vulnerability
High • GHSA-wjg9-v8cf-f5q2 was published for silverstripe/graphql (Composer) • May 28, 2024

eZ Platform CSRF token in login form is disabled by default
High • GHSA-45qm-j4m9-whv9 was published for ezsystems/ezplatform (Composer) • May 15, 2024

Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain
High • CVE-2024-34069 was published for Werkzeug (pip) • May 6, 2024

Dolibarr vulnerable to Cross-Site Request Forgery
High • CVE-2024-31503 was published for dolibarr/dolibarr (Composer) • Apr 17, 2024

Aim Cross-Site Request Forgery vulnerability allows user to delete runs and perform other operations
High • CVE-2024-2196 was published for aim (pip) • Apr 10, 2024

Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing
High • CVE-2024-28233 was published for jupyterhub (pip) • Mar 28, 2024

Cross-Site Request Forgery in Anchor CMS
High • CVE-2024-29499 was published for anchorcms/anchor-cms (Composer) • Mar 22, 2024

Cross-Site Request Forgery in Anchor CMS
High • CVE-2024-29338 was published for anchorcms/anchor-cms (Composer) • Mar 22, 2024

ESPHome vulnerable to Authentication bypass via Cross site request forgery
High • CVE-2024-29019 was published for esphome (pip) • Mar 21, 2024

livewire Cross-Site Request Forgery vulnerability
High • CVE-2024-22859 was published for livewire/livewire (Composer) • Feb 1, 2024 • withdrawn

github.com/argoproj/argo-cd Cross-Site Request Forgery vulnerability
High • CVE-2024-22424 was published for github.com/argoproj/argo-cd (Go) • Jan 19, 2024

Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability
High • CVE-2023-50766 was published for org.sonatype.nexus.ci:nexus-jenkins-plugin (Maven) • Dec 13, 2023

Cross-site request forgery vulnerability in Jenkins HTMLResource Plugin
High • CVE-2023-50774 was published for org.jenkins-ci.plugins:htmlresource (Maven) • Dec 13, 2023

Cross Site Request Forgery in Silverpeas
High • CVE-2023-47322 was published for org.silverpeas.core:silverpeas-core-web (Maven) • Dec 13, 2023

Cross Site Request Forgery in Silverpeas
High • CVE-2023-47326 was published for org.silverpeas.core:silverpeas-core (Maven) • Dec 13, 2023

Cross-Site Request Forgery in JFinalCMS via /admin/category/save
High • CVE-2023-49396 was published for com.jfinal:jfinal (Maven) • Dec 5, 2023

Cross-Site Request Forgery in JFinalCMS via /admin/tag/save
High • CVE-2023-49383 was published for com.jfinal:jfinal (Maven) • Dec 5, 2023

Cross-Site Request Forgery in JFinalCMS via /admin/div/update
High • CVE-2023-49381 was published for com.jfinal:jfinal (Maven) • Dec 5, 2023

Cross-Site Request Forgery in JFinalCMS via /admin/div/delete
High • CVE-2023-49382 was published for com.jfinal:jfinal (Maven) • Dec 5, 2023

Cross-Site Request Forgery in JFinalCMS via /admin/nav/save
High • CVE-2023-49446 was published for com.jfinal:jfinal (Maven) • Dec 5, 2023

Cross-Site Request Forgery in JFinalCMS via /admin/nav/update
High • CVE-2023-49447 was published for com.jfinal:jfinal (Maven) • Dec 5, 2023
ProTip! Advisories are also available from the GraphQL API.