Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

27 advisories

Loading
Rancher Vulnerable to Cross-site Request Forgery (CSRF) High
CVE-2019-13209 was published for github.com/rancher/rancher (Go) May 18, 2021
Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19025 was published for github.com/goharbor/harbor (Go) May 18, 2021
Cross-site Request Forgery (CSRF) High
CVE-2017-1000069 was published for github.com/bitly/oauth2_proxy (Go) Dec 20, 2021
Cross-Site Request Forgery in Filebrowser High
CVE-2021-46398 was published for github.com/filebrowser/filebrowser/v2 (Go) Feb 5, 2022
Cross Site Request Forgery in Gitea High
CVE-2021-45326 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
etcd Cross-site Request Forgery (CSRF) High
CVE-2018-1098 was published for go.etcd.io/etcd/v3 (Go) Feb 15, 2022
Withdrawn Advisory: OpenShift OAuth Server XSS Vulnerability Moderate
CVE-2019-3876 was published for github.com/openshift/oauth-apiserver (Go) May 13, 2022 withdrawn
Minikube RCE via DNS Rebinding High
CVE-2018-1002103 was published for k8s.io/minikube (Go) May 13, 2022
AdGuardHome vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-32175 was published for github.com/AdguardTeam/AdGuardHome (Go) Oct 11, 2022
tdunlap607
Tailscale Windows daemon is vulnerable to RCE via CSRF Critical
CVE-2022-41924 was published for tailscale.com (Go) Nov 21, 2022
emilytrau JJJollyjim
hod-alpert
Tailscale daemon is vulnerable to information disclosure via CSRF Low
CVE-2022-41925 was published for tailscale.com/cmd (Go) Nov 21, 2022
emilytrau JJJollyjim
kube-httpcache is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
GHSA-47xh-qxqv-mgvg was published for github.com/mittwald/kube-httpcache (Go) Dec 2, 2022
kbcasagrande
destiny.gg chat vulnerable to cross-site request forgery High
CVE-2020-36625 was published for github.com/destinygg/chat (Go) Dec 22, 2022
Golf may allow attacker to bypass CSRF protections due to weak PRNG High
CVE-2016-15005 was published for github.com/dinever/golf (Go) Dec 28, 2022
usememos/memos Cross-Site Request Forgery vulnerability Moderate
CVE-2022-4845 was published for github.com/usememos/memos (Go) Dec 29, 2022
usememos/memos Cross-Site Request Forgery vulnerability Moderate
CVE-2022-4846 was published for github.com/usememos/memos (Go) Dec 29, 2022
usememos/memos Cross-Site Request Forgery vulnerability High
CVE-2022-4844 was published for github.com/usememos/memos (Go) Dec 29, 2022
usememos/memos Cross-Site Request Forgery vulnerability Moderate
CVE-2022-4850 was published for github.com/usememos/memos (Go) Dec 29, 2022
usememos/memos Cross-Site Request Forgery vulnerability Moderate
CVE-2022-4849 was published for github.com/usememos/memos (Go) Dec 29, 2022
J3rry-1729
Phachon mm-wiki Cross Site Request Forgery vulnerability High
CVE-2020-19278 was published for github.com/phachon/mm-wiki (Go) Apr 4, 2023
Casdoor Cross-Site Request Forgery vulnerability Moderate
CVE-2023-34927 was published for github.com/casdoor/casdoor (Go) Jun 22, 2023
Cross-Site Request Forgery (CSRF) in usememos/memos High
CVE-2023-5036 was published for github.com/usememos/memos (Go) Sep 18, 2023
Go Fiber CSRF Token Validation Vulnerability High
CVE-2023-45141 was published for github.com/gofiber/fiber/v2 (Go) Oct 17, 2023
sixcolors ReneWerner87
gaby rosenblueh
github.com/argoproj/argo-cd Cross-Site Request Forgery vulnerability High
CVE-2024-22424 was published for github.com/argoproj/argo-cd (Go) Jan 19, 2024
aphtrinh
Grafana Cross Site Request Forgery (CSRF) Moderate
CVE-2022-21703 was published for github.com/grafana/grafana/pkg/web (Go) Feb 1, 2024
ProTip! Advisories are also available from the GraphQL API