GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
211 advisories
ThinkCMF Cross Site Request Forgery (CSRF) vulnerability
High • CVE-2022-40489 was published for thinkcmf/thinkcmf (Composer) • Dec 1, 2022

Cross-Site Request Forgery in Moodle
Moderate • CVE-2022-45149 was published for moodle/moodle (Composer) • Nov 23, 2022

Cross-Site Request Forgery in feehi/feehicms
Moderate • CVE-2022-4014 was published for feehi/feehicms (Composer) • Nov 16, 2022

Concrete CMS vulnerable to Cross-site Request Forgery
High • CVE-2022-43693 was published for concrete5/concrete5 (Composer) • Nov 14, 2022

ProcessWire vulnerable to Cross-Site Request Forgery
Moderate • CVE-2022-40488 was published for processwire/processwire (Composer) • Oct 31, 2022

Duplicate Advisory: Cross-Site Request Forgery in easyii CMS
High • CVE-2022-3772 was published for noumo/easyii (Composer) • Oct 31, 2022 • withdrawn

Moodle Cross-Site Request Forgery (CSRF)
High • CVE-2022-2986 was published for moodle/moodle (Composer) • Oct 6, 2022

Froxlor vulnerable to Cross-Site Request Forgery (CSRF)
Moderate • CVE-2022-3017 was published for froxlor/froxlor (Composer) • Aug 29, 2022

Kirby CMS 2.5.12 Cross-site Request Forgery
Moderate • CVE-2018-14519 was published for getkirby/cms (Composer) • Aug 25, 2022

CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection
Moderate • CVE-2022-35943 was published for codeigniter4/shield (Composer) • Aug 18, 2022

Microweber before v1.2.20 vulnerable to cross-site scripting
Moderate • CVE-2022-2353 was published for microweber/microweber (Composer) • Jul 10, 2022

Cross-Site Request Forgery in Elefant CMS
High • CVE-2017-20062 was published for elefant/cms (Composer) • Jun 21, 2022

Cross-Site Request Forgery in easyii CMS
Moderate • CVE-2020-36534 was published for noumo/easyii (Composer) • Jun 8, 2022

phpMyAdmin Cross-Site Request Forgery (CSRF)
Moderate • CVE-2019-12922 was published for phpmyadmin/phpmyadmin (Composer) • May 24, 2022

EC-CUBE Cross-site request forgery (CSRF) vulnerability
Moderate • CVE-2021-20842 was published for ec-cube/ec-cube (Composer) • May 24, 2022

Moodle contains CSRF vulnerability
High • CVE-2021-43559 was published for moodle/moodle (Composer) • May 24, 2022

ThinkCMF Cross Site Request Forgery (CSRF) vulnerability
Moderate • CVE-2020-18151 was published for thinkcmf/thinkcmf (Composer) • May 24, 2022

Drupal Core Cross-Site Request Forgery (CSRF) vulnerability
High • CVE-2020-13663 was published for drupal/core (Composer) • May 24, 2022

Grav CMS Cross-Site Request Forgery (CSRF)
High • CVE-2020-29553 was published for getgrav/grav (Composer) • May 24, 2022

Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API
Moderate • CVE-2021-21027 was published for magento/community-edition (Composer) • May 24, 2022

CakePHP allows method override parameters to bypass CSRF checks
High • CVE-2020-35239 was published for cakephp/cakephp (Composer) • May 24, 2022

OpenCart Cross-Site Request Forgery (CSRF)
Low • CVE-2020-28838 was published for opencart/opencart (Composer) • May 24, 2022

Subrion CMS CSRF Vulnerability
High • CVE-2019-7357 was published for intelliants/subrion (Composer) • May 24, 2022

PyroCMS Vulnerable to CSRF
Moderate • CVE-2020-25262 was published for pyrocms/pyrocms (Composer) • May 24, 2022

PyroCMS Vulnerable to CSRF
High • CVE-2020-25263 was published for pyrocms/pyrocms (Composer) • May 24, 2022

ProTip! Advisories are also available from the GraphQL API.