Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

207 advisories

Loading
ProcessWire vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-40488 was published for processwire/processwire (Composer) Oct 31, 2022
Duplicate Advisory: Cross-Site Request Forgery in easyii CMS High
CVE-2022-3772 was published for noumo/easyii (Composer) Oct 31, 2022 withdrawn
Moodle Cross-Site Request Forgery (CSRF) High
CVE-2022-2986 was published for moodle/moodle (Composer) Oct 6, 2022
Froxlor vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2022-3017 was published for froxlor/froxlor (Composer) Aug 29, 2022
Kirby CMS 2.5.12 Cross-site Request Forgery Moderate
CVE-2018-14519 was published for getkirby/cms (Composer) Aug 25, 2022
CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection Moderate
CVE-2022-35943 was published for codeigniter4/shield (Composer) Aug 18, 2022
wert310 pedromigueladao
lavish
Microweber before v1.2.20 vulnerable to cross-site scripting Moderate
CVE-2022-2353 was published for microweber/microweber (Composer) Jul 10, 2022
Cross-Site Request Forgery in Elefant CMS High
CVE-2017-20062 was published for elefant/cms (Composer) Jun 21, 2022
Cross-Site Request Forgery in easyii CMS Moderate
CVE-2020-36534 was published for noumo/easyii (Composer) Jun 8, 2022
phpMyAdmin Cross-Site Request Forgery (CSRF) Moderate
CVE-2019-12922 was published for phpmyadmin/phpmyadmin (Composer) May 24, 2022
EC-CUBE Cross-site request forgery (CSRF) vulnerability Moderate
CVE-2021-20842 was published for ec-cube/ec-cube (Composer) May 24, 2022
Moodle contains CSRF vulnerability High
CVE-2021-43559 was published for moodle/moodle (Composer) May 24, 2022
ThinkCMF Cross Site Request Forgerly (CSRF) vulnerability Moderate
CVE-2020-18151 was published for thinkcmf/thinkcmf (Composer) May 24, 2022
Drupal Core Cross-Site Request Forgery (CSRF) vulnerability High
CVE-2020-13663 was published for drupal/core (Composer) May 24, 2022
westonsteimel
Grav CMS Cross-Site Request Forgery (CSRF) High
CVE-2020-29553 was published for getgrav/grav (Composer) May 24, 2022
Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API Moderate
CVE-2021-21027 was published for magento/community-edition (Composer) May 24, 2022
CakePHP allows method override parameters to bypass CSRF checks High
CVE-2020-35239 was published for cakephp/cakephp (Composer) May 24, 2022
ravage84
OpenCart Cross-Site Request Forgery (CSRF) Low
CVE-2020-28838 was published for opencart/opencart (Composer) May 24, 2022
Subrion CMS CSRF Vulnerability High
CVE-2019-7357 was published for intelliants/subrion (Composer) May 24, 2022
PyroCMS Vulnerable to CSRF High
CVE-2020-25263 was published for pyrocms/pyrocms (Composer) May 24, 2022
PyroCMS Vulnerable to CSRF Moderate
CVE-2020-25262 was published for pyrocms/pyrocms (Composer) May 24, 2022
Codiad CSRF Vulnerability High
CVE-2020-14043 was published for codiad/codiad (Composer) May 24, 2022
NukeViet Cross-Site Request Forgery (CSRF) Moderate
CVE-2020-13156 was published for nukeviet/nukeviet (Composer) May 24, 2022
NukeViet Cross-Site Request Forgery (CSRF) High
CVE-2020-13155 was published for nukeviet/nukeviet (Composer) May 24, 2022
NukeViet Cross-Site Request Forgery (CSRF) Moderate
CVE-2020-13157 was published for nukeviet/nukeviet (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API