Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

104 advisories

Loading
CakePHP has incorrect Cross-Site Request Forgery validation Moderate
GHSA-829q-v5g8-hhxc was published for cakephp/cakephp (Composer) Jan 20, 2023
Predictable CSRF tokens in centreon/centreon Moderate
CVE-2021-28055 was published for centreon/centreon (Composer) Jun 8, 2021
Cross-Site Request Forgery in Anchor CMS Moderate
CVE-2022-25576 was published for anchorcms/anchor-cms (Composer) Mar 26, 2022
Kirby CMS 2.5.12 Cross-site Request Forgery Moderate
CVE-2018-14519 was published for getkirby/cms (Composer) Aug 25, 2022
Froxlor vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2022-3017 was published for froxlor/froxlor (Composer) Aug 29, 2022
ProcessWire vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-40488 was published for processwire/processwire (Composer) Oct 31, 2022
CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection Moderate
CVE-2022-35943 was published for codeigniter4/shield (Composer) Aug 18, 2022
wert310 pedromigueladao
lavish
Cross-Site Request Forgery in Moodle Moderate
CVE-2022-45149 was published for moodle/moodle (Composer) Nov 23, 2022
Cross-Site Request Forgery in MAGMI Moderate
CVE-2020-5776 was published for dweeves/magmi (Composer) May 6, 2021
Cross-Site Request Forgery in firefly-iii Moderate
CVE-2021-3819 was published for grumpydictator/firefly-iii (Composer) Sep 29, 2021
Cross-Site Request Forgery in snipe-it Moderate
CVE-2021-3858 was published for snipe/snipe-it (Composer) Oct 21, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3683 was published for showdoc/showdoc (Composer) Nov 15, 2021
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3931 was published for snipe/snipe-it (Composer) Nov 15, 2021
Improper Restriction of Rendered UI Layers or Frames in yourls Moderate
CVE-2021-3734 was published for yourls/yourls (Composer) Aug 30, 2021
Cross-Site Request Forgery in firefly-iii Moderate
CVE-2021-3900 was published for grumpydictator/firefly-iii (Composer) Oct 28, 2021
Cross-site Scripting in kimai2 Moderate
CVE-2021-3976 was published for kevinpapst/kimai2 (Composer) Nov 23, 2021
Cross-site Scripting in kimai2 Moderate
CVE-2021-3963 was published for kevinpapst/kimai2 (Composer) Nov 23, 2021
Cross-site Scripting in kimai2 Moderate
CVE-2021-3957 was published for kevinpapst/kimai2 (Composer) Nov 23, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3775 was published for showdoc/showdoc (Composer) Nov 15, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3921 was published for grumpydictator/firefly-iii (Composer) Nov 15, 2021
twill is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3932 was published for area17/twill (Composer) Nov 15, 2021
Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys Moderate
CVE-2021-41273 was published for pterodactyl/panel (Composer) Nov 18, 2021
Haxatron
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4015 was published for grumpydictator/firefly-iii (Composer) Dec 6, 2021
The disqualify lead action may be executed without CSRF token check Moderate
CVE-2021-39198 was published for oro/crm (Composer) Nov 19, 2021
Cross Site Request Forgery in firefly-iii Moderate
CVE-2021-4005 was published for grumpydictator/firefly-iii (Composer) Dec 10, 2021
ProTip! Advisories are also available from the GraphQL API