Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

13 advisories

Loading
@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state High
CVE-2023-31999 was published for @fastify/oauth2 (npm) Jul 5, 2023
erezarnon panva
mcollina marco-ippolito
SvelteKit framework has Insufficient CSRF protection for CORS requests High
CVE-2023-29008 was published for @sveltejs/kit (npm) Apr 7, 2023
Ry0taK benmccann
dominikg Conduitry
SvelteKit vulnerable to Cross-Site Request Forgery High
CVE-2023-29003 was published for @sveltejs/kit (npm) Apr 4, 2023
v1ktor0t benmccann
Conduitry eltigerchino dominikg
Missing proper state, nonce and PKCE checks for OAuth authentication High
CVE-2023-27490 was published for next-auth (npm) Mar 13, 2023
FINDarkside
NodeBB account takeover via SSO plugins High
CVE-2022-36076 was published for nodebb (npm) Sep 16, 2022
Cross Site Request Forgery in kindeditor High
CVE-2021-42228 was published for kindeditor (npm) Oct 18, 2021
Cross-Site Request Forgery in express-cart High
CVE-2020-22403 was published for express-cart (npm) Aug 30, 2021
Cross-site Request Forgery in fastify-csrf High
CVE-2020-28482 was published for fastify-csrf (npm) Jan 20, 2021
No CSRF Validation in droppy High
CVE-2016-10529 was published for droppy (npm) Feb 18, 2019
Cross-Site Request Forgery (CSRF) in Auth0 High
CVE-2018-6874 was published for auth0-js (npm) Nov 6, 2018
pym.js CSRF Vulnerability High
CVE-2018-1000086 was published for pym.js (npm) Mar 13, 2018
Auth0-js bypasses CSRF checks High
CVE-2018-7307 was published for auth0-js (npm) Mar 7, 2018
Cross-Site Request Forgery (CSRF) in keystone High
CVE-2017-16570 was published for keystone (npm) Nov 30, 2017
ProTip! Advisories are also available from the GraphQL API