Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,065
Maven
5,000+
npm
3,744
NuGet
668
pip
3,427
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+

314 advisories

Loading
Cross-Site Request Forgery in express-cart High
CVE-2020-22403 was published for express-cart (npm) Aug 30, 2021
Cross-Site Request Forgery in forkcms High
CVE-2020-23264 was published for forkcms/forkcms (Composer) Jun 22, 2021
Cryptographically weak CSRF tokens in Apache MyFaces High
CVE-2021-26296 was published for org.apache.myfaces.core:myfaces-core-module (Maven) Jun 16, 2021
CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin allows capturing credentials High
CVE-2021-21652 was published for org.jenkins-ci.plugins:xray-connector (Maven) Jun 16, 2021
NotMyFault
Cross-Site Request Forgery (CSRF) in FastAPI High
CVE-2021-32677 was published for fastapi (pip) Jun 10, 2021
b0g3r
Cross-Site Request Forgery in OpenNMS Horizon High
CVE-2021-25931 was published for org.opennms:opennms (Maven) May 25, 2021
Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor High
CVE-2019-19025 was published for github.com/goharbor/harbor (Go) May 18, 2021
Rancher Vulnerable to Cross-site Request Forgery (CSRF) High
CVE-2019-13209 was published for github.com/rancher/rancher (Go) May 18, 2021
Cross-Site Request Forgery in ForkCMS High
CVE-2020-23960 was published for forkcms/forkcms (Composer) May 6, 2021
Cross-Site Request Forgery in Vert.x-Web framework High
CVE-2020-35217 was published for io.vertx:vertx-web (Maven) Apr 22, 2021
Cross-Site Request Forgery (CSRF) in trestle-auth High
CVE-2021-29435 was published for trestle-auth (RubyGems) Apr 13, 2021
tomekr aj-hall
utkanos
Cross-Site Request Forgery in Webargs High
CVE-2020-7965 was published for webargs (pip) Apr 7, 2021
tmorrell gillarramendi
Cross-site Request Forgery in fastify-csrf High
CVE-2020-28482 was published for fastify-csrf (npm) Jan 20, 2021
CSRF can expose users authentication token High
CVE-2021-21241 was published for Flask-Security-Too (pip) Jan 11, 2021
Observable Timing Discrepancy in OpenMage LTS High
CVE-2020-15151 was published for openmage/magento-lts (Composer) Aug 19, 2020
Flyingmana theroch
PgHero gem allows CSRF High
CVE-2020-16253 was published for pghero (RubyGems) Aug 5, 2020
CSRF issue on preview pages in Bolt CMS High
CVE-2020-4040 was published for bolt/bolt (Composer) Jun 9, 2020
staz0t
Backend Same-Site Request Forgery in TYPO3 CMS High
CVE-2020-11069 was published for typo3/cms (Composer) May 13, 2020
ohader
Improper Input Validation and Cross-Site Request Forgery in Keycloak High
CVE-2019-10199 was published for org.keycloak:keycloak-core (Maven) Sep 23, 2019
Cross-Site Request Forgery in MicroPyramid Django CRM High
CVE-2019-11457 was published for django-crm (pip) Sep 11, 2019
python-engineio vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2019-13611 was published for python-engineio (pip) Jul 30, 2019
OmniAuth Ruby gem Cross-site Request Forgery in request phase High
CVE-2015-9284 was published for omniauth (RubyGems) May 29, 2019
G-Rath eugeneius
Apache Airflow vulnerable to CSRF Attacks High
CVE-2019-0229 was published for apache-airflow (pip) Apr 18, 2019
No CSRF Validation in droppy High
CVE-2016-10529 was published for droppy (npm) Feb 18, 2019
Cross-Site Request Forgery (CSRF) in Apache Airflow High
CVE-2017-17835 was published for apache-airflow (pip) Jan 25, 2019
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database