GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
33 advisories
Filter by severity
kube-httpcache is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
GHSA-47xh-qxqv-mgvg
was published
for
github.com/mittwald/kube-httpcache
(Go)
Dec 2, 2022
Tailscale daemon is vulnerable to information disclosure via CSRF
Low
CVE-2022-41925
was published
for
tailscale.com/cmd
(Go)
Nov 21, 2022
usememos/memos Cross-Site Request Forgery vulnerability
Moderate
CVE-2022-4846
was published
for
github.com/usememos/memos
(Go)
Dec 29, 2022
usememos/memos Cross-Site Request Forgery vulnerability
Moderate
CVE-2022-4850
was published
for
github.com/usememos/memos
(Go)
Dec 29, 2022
usememos/memos Cross-Site Request Forgery vulnerability
High
CVE-2022-4844
was published
for
github.com/usememos/memos
(Go)
Dec 29, 2022
usememos/memos Cross-Site Request Forgery vulnerability
Moderate
CVE-2022-4845
was published
for
github.com/usememos/memos
(Go)
Dec 29, 2022
usememos/memos Cross-Site Request Forgery vulnerability
Moderate
CVE-2022-4849
was published
for
github.com/usememos/memos
(Go)
Dec 29, 2022
Phachon mm-wiki Cross Site Request Forgery vulnerability
High
CVE-2020-19278
was published
for
github.com/phachon/mm-wiki
(Go)
Apr 4, 2023
Tailscale Windows daemon is vulnerable to RCE via CSRF
Critical
CVE-2022-41924
was published
for
tailscale.com
(Go)
Nov 21, 2022
Minikube RCE via DNS Rebinding
High
CVE-2018-1002103
was published
for
k8s.io/minikube
(Go)
May 13, 2022
Golf may allow attacker to bypass CSRF protections due to weak PRNG
High
CVE-2016-15005
was published
for
github.com/dinever/golf
(Go)
Dec 28, 2022
etcd Cross-site Request Forgery (CSRF)
High
CVE-2018-1098
was published
for
go.etcd.io/etcd/v3
(Go)
Feb 15, 2022
Cross Site Request Forgery in Gitea
High
CVE-2021-45326
was published
for
github.com/go-gitea/gitea
(Go)
Feb 9, 2022
Rancher Vulnerable to Cross-site Request Forgery (CSRF)
High
CVE-2019-13209
was published
for
github.com/rancher/rancher
(Go)
May 18, 2021
Cross-site Request Forgery (CSRF)
High
CVE-2017-1000069
was published
for
github.com/bitly/oauth2_proxy
(Go)
Dec 20, 2021
Withdrawn Advisory: OpenShift OAuth Server XSS Vulnerability
Moderate
CVE-2019-3876
was published
for
github.com/openshift/oauth-apiserver
(Go)
May 13, 2022
•
withdrawn
AdGuardHome vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-32175
was published
for
github.com/AdguardTeam/AdGuardHome
(Go)
Oct 11, 2022
Cross-Site Request Forgery (CSRF) in usememos/memos
High
CVE-2023-5036
was published
for
github.com/usememos/memos
(Go)
Sep 18, 2023
Casdoor Cross-Site Request Forgery vulnerability
Moderate
CVE-2023-34927
was published
for
github.com/casdoor/casdoor
(Go)
Jun 22, 2023
github.com/argoproj/argo-cd Cross-Site Request Forgery vulnerability
High
CVE-2024-22424
was published
for
github.com/argoproj/argo-cd
(Go)
Jan 19, 2024
Grafana Cross Site Request Forgery (CSRF)
Moderate
CVE-2022-21703
was published
for
github.com/grafana/grafana/pkg/web
(Go)
Feb 1, 2024
Go Fiber CSRF Token Validation Vulnerability
High
CVE-2023-45141
was published
for
github.com/gofiber/fiber/v2
(Go)
Oct 17, 2023
Mattermost Jira Plugin vulnerable to Cross-Site Request Forgery
Low
CVE-2024-23319
was published
for
github.com/mattermost/mattermost-plugin-jira
(Go)
Feb 9, 2024
destiny.gg chat vulnerable to cross-site request forgery
High
CVE-2020-36625
was published
for
github.com/destinygg/chat
(Go)
Dec 22, 2022
LocalAI cross-site request forgery vulnerability
Moderate
CVE-2024-3135
was published
for
github.com/go-skynet/LocalAI
(Go)
Apr 1, 2024
ProTip!
Advisories are also available from the
GraphQL API