GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
207 advisories
ProcessWire vulnerable to Cross-Site Request Forgery
Moderate | CVE-2022-40488 was published for processwire/processwire (Composer) | Oct 31, 2022
Duplicate Advisory: Cross-Site Request Forgery in easyii CMS
High | CVE-2022-3772 was published for noumo/easyii (Composer) | Oct 31, 2022 | withdrawn
Moodle Cross-Site Request Forgery (CSRF)
High | CVE-2022-2986 was published for moodle/moodle (Composer) | Oct 6, 2022
Froxlor vulnerable to Cross-Site Request Forgery (CSRF)
Moderate | CVE-2022-3017 was published for froxlor/froxlor (Composer) | Aug 29, 2022
Kirby CMS 2.5.12 Cross-site Request Forgery
Moderate | CVE-2018-14519 was published for getkirby/cms (Composer) | Aug 25, 2022
CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection
Moderate | CVE-2022-35943 was published for codeigniter4/shield (Composer) | Aug 18, 2022
Microweber before v1.2.20 vulnerable to cross-site scripting
Moderate | CVE-2022-2353 was published for microweber/microweber (Composer) | Jul 10, 2022
Cross-Site Request Forgery in Elefant CMS
High | CVE-2017-20062 was published for elefant/cms (Composer) | Jun 21, 2022
Cross-Site Request Forgery in easyii CMS
Moderate | CVE-2020-36534 was published for noumo/easyii (Composer) | Jun 8, 2022
phpMyAdmin Cross-Site Request Forgery (CSRF)
Moderate | CVE-2019-12922 was published for phpmyadmin/phpmyadmin (Composer) | May 24, 2022
EC-CUBE Cross-site request forgery (CSRF) vulnerability
Moderate | CVE-2021-20842 was published for ec-cube/ec-cube (Composer) | May 24, 2022
Moodle contains CSRF vulnerability
High | CVE-2021-43559 was published for moodle/moodle (Composer) | May 24, 2022
ThinkCMF Cross Site Request Forgery (CSRF) vulnerability
Moderate | CVE-2020-18151 was published for thinkcmf/thinkcmf (Composer) | May 24, 2022
Drupal Core Cross-Site Request Forgery (CSRF) vulnerability
High | CVE-2020-13663 was published for drupal/core (Composer) | May 24, 2022
Grav CMS Cross-Site Request Forgery (CSRF)
High | CVE-2020-29553 was published for getgrav/grav (Composer) | May 24, 2022
Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API
Moderate | CVE-2021-21027 was published for magento/community-edition (Composer) | May 24, 2022
CakePHP allows method override parameters to bypass CSRF checks
High | CVE-2020-35239 was published for cakephp/cakephp (Composer) | May 24, 2022
OpenCart Cross-Site Request Forgery (CSRF)
Low | CVE-2020-28838 was published for opencart/opencart (Composer) | May 24, 2022
Subrion CMS CSRF Vulnerability
High | CVE-2019-7357 was published for intelliants/subrion (Composer) | May 24, 2022
PyroCMS Vulnerable to CSRF
High | CVE-2020-25263 was published for pyrocms/pyrocms (Composer) | May 24, 2022
PyroCMS Vulnerable to CSRF
Moderate | CVE-2020-25262 was published for pyrocms/pyrocms (Composer) | May 24, 2022
Codiad CSRF Vulnerability
High | CVE-2020-14043 was published for codiad/codiad (Composer) | May 24, 2022
NukeViet Cross-Site Request Forgery (CSRF)
Moderate | CVE-2020-13156 was published for nukeviet/nukeviet (Composer) | May 24, 2022
NukeViet Cross-Site Request Forgery (CSRF)
High | CVE-2020-13155 was published for nukeviet/nukeviet (Composer) | May 24, 2022
NukeViet Cross-Site Request Forgery (CSRF)
Moderate | CVE-2020-13157 was published for nukeviet/nukeviet (Composer) | May 24, 2022
ProTip! Advisories are also available from the GraphQL API.