Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

208 advisories

Loading
CakePHP has incorrect Cross-Site Request Forgery validation Moderate
GHSA-829q-v5g8-hhxc was published for cakephp/cakephp (Composer) Jan 20, 2023
Predictable CSRF tokens in centreon/centreon Moderate
CVE-2021-28055 was published for centreon/centreon (Composer) Jun 8, 2021
Cross-Site Request Forgery in Anchor CMS Moderate
CVE-2022-25576 was published for anchorcms/anchor-cms (Composer) Mar 26, 2022
Cross-Site Request Forgery in YOURLS Low
CVE-2022-0088 was published for yourls/yourls (Composer) Apr 4, 2022
Kirby CMS 2.5.12 Cross-site Request Forgery Moderate
CVE-2018-14519 was published for getkirby/cms (Composer) Aug 25, 2022
Froxlor vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2022-3017 was published for froxlor/froxlor (Composer) Aug 29, 2022
Cross-Site Request Forgery in Elefant CMS High
CVE-2017-20062 was published for elefant/cms (Composer) Jun 21, 2022
CSRF issue on preview pages in Bolt CMS High
CVE-2020-4040 was published for bolt/bolt (Composer) Jun 9, 2020
staz0t
Concrete CMS vulnerable to Cross-site Request Forgery High
CVE-2022-43693 was published for concrete5/concrete5 (Composer) Nov 14, 2022
Malfunction of CSRF token validation in Shopware High
CVE-2022-24879 was published for shopware/shopware (Composer) Apr 28, 2022
ProcessWire vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-40488 was published for processwire/processwire (Composer) Oct 31, 2022
CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter High
CVE-2015-8379 was published for cakephp/cakephp (Composer) May 14, 2022
ravage84
CakePHP allows method override parameters to bypass CSRF checks High
CVE-2020-35239 was published for cakephp/cakephp (Composer) May 24, 2022
ravage84
CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection Moderate
CVE-2022-35943 was published for codeigniter4/shield (Composer) Aug 18, 2022
wert310 pedromigueladao
lavish
Cross-Site Request Forgery in Moodle Moderate
CVE-2022-45149 was published for moodle/moodle (Composer) Nov 23, 2022
Observable Timing Discrepancy in OpenMage LTS High
CVE-2020-15151 was published for openmage/magento-lts (Composer) Aug 19, 2020
Flyingmana theroch
Cross-Site Request Forgery in ForkCMS High
CVE-2020-23960 was published for forkcms/forkcms (Composer) May 6, 2021
Cross-Site Request Forgery in MAGMI Moderate
CVE-2020-5776 was published for dweeves/magmi (Composer) May 6, 2021
Cross-Site Request Forgery in forkcms High
CVE-2020-23264 was published for forkcms/forkcms (Composer) Jun 22, 2021
Cross-Site Request Forgery in firefly-iii Moderate
CVE-2021-3819 was published for grumpydictator/firefly-iii (Composer) Sep 29, 2021
Cross-Site Request Forgery in snipe-it Moderate
CVE-2021-3858 was published for snipe/snipe-it (Composer) Oct 21, 2021
Cross-Site Request Forgery in GilaCMS High
CVE-2020-20693 was published for gilacms/gila (Composer) Sep 30, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3683 was published for showdoc/showdoc (Composer) Nov 15, 2021
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3931 was published for snipe/snipe-it (Composer) Nov 15, 2021
Improper Restriction of Rendered UI Layers or Frames in yourls Moderate
CVE-2021-3734 was published for yourls/yourls (Composer) Aug 30, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database