Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,000
Erlang
29
GitHub Actions
16
Go
1,787
Maven
5,000+
npm
3,547
NuGet
622
pip
3,143
Pub
10
RubyGems
839
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

203 advisories

Loading
ProcessWire Cross Site Request Forgery vulnerability Moderate
CVE-2024-41597 was published for processwire/processwire (Composer) Jul 19, 2024
Moodle CSRF risk in analytics management of models High
CVE-2024-34008 was published for moodle/moodle (Composer) May 31, 2024
Moodle CSRF risk in admin preset tool management of presets High
CVE-2024-34001 was published for moodle/moodle (Composer) May 31, 2024
Moodle CSRF risks due to misuse of confirm_sesskey Moderate
CVE-2024-38276 was published for moodle/moodle (Composer) Jun 18, 2024
Zend-Diactoros URL Rewrite vulnerability Moderate
GHSA-fq4p-86hh-42v9 was published for zendframework/zend-diactoros (Composer) Jun 7, 2024
Zend-Navigation vulnerable to Cross-site Scripting High
GHSA-6v7p-5qcq-268c was published for zendframework/zend-navigation (Composer) Jun 7, 2024
Zend-Feed URL Rewrite vulnerability High
GHSA-jmmp-vh96-78rm was published for zendframework/zend-feed (Composer) Jun 7, 2024
Zend-HTTP URL Rewrite vulnerability High
GHSA-cg8w-5jrc-675g was published for zendframework/zend-http (Composer) Jun 7, 2024
Zendframework URL Rewrite vulnerability Moderate
GHSA-fh7r-58q4-6387 was published for zendframework/zendframework (Composer) Jun 7, 2024
Moodle Logout CSRF in admin/tool/mfa/auth.php Moderate
CVE-2024-34007 was published for moodle/moodle (Composer) May 31, 2024
Sylius Resource Bundle Cross-Site Request Forgery vulnerability Moderate
GHSA-65v7-wg35-2qpm was published for sylius/resource-bundle (Composer) May 29, 2024
silverstripe/graphql Cross-Site Request Forgery vulnerability High
GHSA-wjg9-v8cf-f5q2 was published for silverstripe/graphql (Composer) May 28, 2024
Silverstripe Missing CSRF protection in login form Moderate
GHSA-vj2j-6g3w-4662 was published for silverstripe/framework (Composer) May 23, 2024
Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter Moderate
GHSA-2hpc-mf4q-j885 was published for silverstripe/framework (Composer) May 23, 2024
Silverstripe Forum Module CSRF Vulnerability Moderate
GHSA-w8fq-xgvh-cxc2 was published for silverstripe/forum (Composer) May 23, 2024
sensiolabs/connect has a Cross-Site Request Forgery Vulnerability Moderate
GHSA-6wqp-7g94-f69j was published for sensiolabs/connect (Composer) May 21, 2024
Wikimedia MediaWiki allows CSRF High
CVE-2019-12466 was published for mediawiki/core (Composer) May 24, 2022
eZ Platform CSRF token in login form is disabled by default High
GHSA-45qm-j4m9-whv9 was published for ezsystems/ezplatform (Composer) May 15, 2024
Dolibarr Cross-Site Request Forgery (CSRF) High
CVE-2019-15062 was published for dolibarr/dolibarr (Composer) May 24, 2022
Dolibarr Cross Site Request Forgery (CSRF) High
CVE-2019-1010054 was published for dolibarr/dolibarr (Composer) May 24, 2022
Drupal Cross-Site Request Forgery (CSRF) High
CVE-2017-6379 was published for drupal/core (Composer) May 17, 2022
Moodle vulnerable to Cross-site Request Forgery High
CVE-2023-28335 was published for moodle/moodle (Composer) Mar 23, 2023
Contao CSRF Token Bypass High
CVE-2019-10642 was published for contao/contao (Composer) May 14, 2022
PyroCMS Vulnerable to CSRF High
CVE-2020-25263 was published for pyrocms/pyrocms (Composer) May 24, 2022
PyroCMS Vulnerable to CSRF Moderate
CVE-2020-25262 was published for pyrocms/pyrocms (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API