Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,996
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,545
NuGet
620
pip
3,136
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,149 advisories

Loading
omniauth-facebook Cross-Site Request Forgery vulnerability Moderate
CVE-2013-4562 was published for omniauth-facebook (RubyGems) Oct 24, 2017
omniauth-oauth2 Cross-Site Request Forgery vulnerability Moderate
CVE-2012-6134 was published for omniauth-oauth2 (RubyGems) Oct 24, 2017
actionpack Cross-Site Request Forgery vulnerability Moderate
CVE-2011-0447 was published for actionpack (RubyGems) Oct 24, 2017
jasnow
rails is vulnerable to CRLF injection Moderate
CVE-2008-5189 was published for rails (RubyGems) Oct 24, 2017
Cross-site request forgery in Django Moderate
CVE-2011-0696 was published for django (pip) Jul 23, 2018
MarkLee131
Moderate severity vulnerability that affects django Moderate
CVE-2011-4140 was published for django (pip) Jul 23, 2018
Doorkeeper contains Cross-site Request Forgery Moderate
CVE-2014-8144 was published for doorkeeper (RubyGems) Sep 17, 2018
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, and org.apache.cxf.fediz:fediz-spring2 Moderate
CVE-2017-7661 was published for org.apache.cxf.fediz:fediz-jetty8 (Maven) Oct 18, 2018
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3 Moderate
CVE-2017-12631 was published for org.apache.cxf.fediz:fediz-spring (Maven) Oct 18, 2018
MarkLee131
CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux Moderate
CVE-2020-5397 was published for org.springframework:spring-webflux (Maven) Jan 21, 2020
sunSUNQ
CSRF and DNS Rebinding in Oasis Moderate
CVE-2020-11003 was published for @fraction/oasis (npm) Apr 16, 2020
christianbundy zozs
Ability to forge per-form CSRF tokens in Rails Moderate
CVE-2020-8166 was published for actionpack (RubyGems) May 26, 2020
CSRF Vulnerability in rails-ujs Moderate
CVE-2020-8167 was published for actionview (RubyGems) Jul 7, 2020
Sensitive information exposure through logs in npm-registry-fetch Moderate
GHSA-jmqm-f2gx-4fjv was published for npm-registry-fetch (npm) Jul 7, 2020
CSRF vulnerability in save-server Moderate
CVE-2020-15135 was published for save-server (npm) Aug 4, 2020
Field Test CSRF vulnerability Moderate
CVE-2020-16252 was published for field_test (RubyGems) Aug 5, 2020
greysteil
CSRF Vulnerability in polaris-website Moderate
GHSA-whrh-9j4q-g7ph was published for polaris-website (npm) Aug 5, 2020
CSRF in Play Framework Moderate
CVE-2020-12480 was published for com.typesafe.play:play_2.12 (Maven) Aug 18, 2020
XSS due to lack of CSRF validation for replying/publishing Moderate
CVE-2020-15156 was published for nodebb-plugin-blog-comments (npm) Aug 26, 2020
gwynnarth
Rosetta-Flash JSONP Vulnerability in hapi Moderate
CVE-2014-4671 was published for hapi (npm) Aug 31, 2020
tdunlap607
CSRF Vulnerability in jquery-ujs Moderate
GHSA-6qqj-rx4w-r3cj was published for jquery-ujs (npm) Aug 31, 2020
Cross-Site Request Forgery (CSRF) Moderate
GHSA-wj5j-xpcj-45gc was published for devise_invitable (RubyGems) Feb 24, 2021 withdrawn
Cross-Site Request Forgery in MAGMI Moderate
CVE-2020-5776 was published for dweeves/magmi (Composer) May 6, 2021
Lack of protection against cookie tossing attacks in fastify-csrf Moderate
CVE-2021-29624 was published for fastify-csrf (npm) May 17, 2021
Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19025 was published for github.com/goharbor/harbor (Go) May 18, 2021
ProTip! Advisories are also available from the GraphQL API