Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,974
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,984
npm
3,523
NuGet
611
pip
3,098
Pub
10
RubyGems
834
Rust
784
Swift
34
Unreviewed advisories
All unreviewed
5,000+

54 advisories

Loading
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain High
CVE-2024-34069 was published for Werkzeug (pip) May 6, 2024
Ry0taK
Django cross-site request forgery (CSRF) vulnerability Moderate
CVE-2008-3909 was published for django (pip) May 2, 2022
MarkLee131
Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files Moderate
CVE-2024-1727 was published for gradio (pip) May 21, 2024
Duplicate Advisory: Cross-Site Request Forgery in Gradio Moderate
GHSA-3x9g-xfj5-fq84 was published for gradio (pip) Mar 21, 2024 withdrawn
Cross-site request forgery in Django Moderate
CVE-2011-0696 was published for django (pip) Jul 23, 2018
MarkLee131
Cross-Site Request Forgery vulnerability in Prefect High
CVE-2023-6022 was published for prefect (pip) Nov 16, 2023
zangell44 bunchesofdonald
Plone Cross-site request forgery (CSRF) Moderate
CVE-2008-0164 was published for Plone (pip) May 1, 2022
Kallithea cross-site request forgery (CSRF) vulnerability High
CVE-2015-0276 was published for Kallithea (pip) May 13, 2022
Plone vulnerable to cross-site request forgery High
CVE-2015-7293 was published for Plone (pip) May 17, 2022
Edgewall Trac Cross-site request forgery (CSRF) vulnerability High
CVE-2006-5878 was published for trac (pip) May 1, 2022
ESPHome vulnerable to Authentication bypass via Cross site request forgery High
CVE-2024-29019 was published for esphome (pip) Mar 21, 2024
r3kumar
Aim Cross-Site Request Forgery vulnerability allows user to delete runs and perform other operations High
CVE-2024-2196 was published for aim (pip) Apr 10, 2024
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing High
CVE-2024-28233 was published for jupyterhub (pip) Mar 28, 2024
Th0h0
Cross-Site Request Forgery (CSRF) in Apache Airflow High
CVE-2017-17835 was published for apache-airflow (pip) Jan 25, 2019
sunSUNQ
furlongm openvpn-monitor allows CSRF to disconnect an arbitrary client Moderate
CVE-2021-31604 was published for openvpn-monitor (pip) May 24, 2022
Cross-Site Request Forgery in Webargs High
CVE-2020-7965 was published for webargs (pip) Apr 7, 2021
tmorrell gillarramendi
Cross-Site Request Forgery (CSRF) in FastAPI High
CVE-2021-32677 was published for fastapi (pip) Jun 10, 2021
b0g3r
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation Critical
CVE-2024-22416 was published for pyload-ng (pip) Jan 19, 2024
PinkDraconian kaydoda
Cobbler Web Interface Lacks CSRF Protection High
CVE-2011-4952 was published for cobbler (pip) Apr 22, 2022
Apache Airflow Cross-Site Request Forgery vulnerability Moderate
CVE-2023-49920 was published for apache-airflow (pip) Dec 21, 2023
wger Workout Manager Cross-Site Request Forgery vulnerability High
CVE-2023-38759 was published for wger (pip) Aug 8, 2023
modoboa vulnerable to Cross-Site Request Forgery Moderate
CVE-2023-2228 was published for modoboa (pip) Apr 21, 2023
modoboa Cross-Site Request Forgery vulnerability Moderate
CVE-2023-5690 was published for modoboa (pip) Oct 20, 2023
Kotti CSRF in the local roles implementation High
CVE-2018-9856 was published for Kotti (pip) Jul 12, 2018
Cross-Site Request Forgery in JupyterHub Moderate
CVE-2020-36191 was published for jupyterhub (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API