GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
351 advisories
Cross-Site Request Forgery (CSRF) • Moderate • GHSA-wj5j-xpcj-45gc was published for devise_invitable (RubyGems) • Feb 24, 2021 • withdrawn
CSRF and DNS Rebinding in Oasis • Moderate • CVE-2020-11003 was published for @fraction/oasis (npm) • Apr 16, 2020
Sensitive information exposure through logs in npm-registry-fetch • Moderate • GHSA-jmqm-f2gx-4fjv was published for npm-registry-fetch (npm) • Jul 7, 2020
CSRF Vulnerability in polaris-website • Moderate • GHSA-whrh-9j4q-g7ph was published for polaris-website (npm) • Aug 5, 2020
CSRF vulnerability in save-server • Moderate • CVE-2020-15135 was published for save-server (npm) • Aug 4, 2020
CSRF in Play Framework • Moderate • CVE-2020-12480 was published for com.typesafe.play:play_2.12 (Maven) • Aug 18, 2020
XSS due to lack of CSRF validation for replying/publishing • Moderate • CVE-2020-15156 was published for nodebb-plugin-blog-comments (npm) • Aug 26, 2020
CSRF Vulnerability in jquery-ujs • Moderate • GHSA-6qqj-rx4w-r3cj was published for jquery-ujs (npm) • Aug 31, 2020
kube-httpcache is vulnerable to Cross-Site Request Forgery (CSRF) • Moderate • GHSA-47xh-qxqv-mgvg was published for github.com/mittwald/kube-httpcache (Go) • Dec 2, 2022
CakePHP has incorrect Cross-Site Request Forgery validation • Moderate • GHSA-829q-v5g8-hhxc was published for cakephp/cakephp (Composer) • Jan 20, 2023
Fat Free CRM contains Cross-site Request Forgery vulnerabilities • Moderate • CVE-2013-7223 was published for fat_free_crm (RubyGems) • May 17, 2022
Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin • Moderate • CVE-2023-24437 was published for org.jenkins-ci.plugins:jira-steps (Maven) • Jan 26, 2023
CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials • Moderate • CVE-2022-25212 was published for org.continuousassurance.swamp.jenkins:swamp (Maven) • Feb 16, 2022
Predictable CSRF tokens in centreon/centreon • Moderate • CVE-2021-28055 was published for centreon/centreon (Composer) • Jun 8, 2021
Cross-Site Request Forgery in Anchor CMS • Moderate • CVE-2022-25576 was published for anchorcms/anchor-cms (Composer) • Mar 26, 2022
Cross-Site Request Forgery in Jenkins • Moderate • CVE-2018-1000195 was published for org.jenkins-ci.main:jenkins-core (Maven) • May 13, 2022
Cross-Site Request Forgery in Jenkins • Moderate • CVE-2017-2613 was published for org.jenkins-ci.main:jenkins-core (Maven) • May 13, 2022
Froxlor vulnerable to Cross-Site Request Forgery (CSRF) • Moderate • CVE-2022-3017 was published for froxlor/froxlor (Composer) • Aug 29, 2022
Kirby CMS 2.5.12 Cross-site Request Forgery • Moderate • CVE-2018-14519 was published for getkirby/cms (Composer) • Aug 25, 2022
Cross-Site Request Forgery in Apache Tomcat • Moderate • CVE-2012-4431 was published for org.apache.tomcat:tomcat (Maven) • May 17, 2022
Cross-Site Request Forgery in Jolokia • Moderate • CVE-2014-0168 was published for org.jolokia:jolokia-core (Maven) • May 17, 2022
XWiki Cross-Site Request Forgery (CSRF) for actions on tags • Moderate • CVE-2022-36095 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) • Sep 16, 2022
Jenkins Snow Commander Plugin 2.0 vulnerable to Cross-Site Request Forgery • Moderate • CVE-2022-25192 was published for io.jenkins.plugins:embotics-vcommander (Maven) • Feb 16, 2022
CSRF vulnerability in Jenkins Script Security Plugin • Moderate • CVE-2022-30946 was published for org.jenkins-ci.plugins:script-security (Maven) • May 18, 2022
Lack of protection against cookie tossing attacks in fastify-csrf • Moderate • CVE-2021-29624 was published for fastify-csrf (npm) • May 17, 2021