GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,010
Maven
5,000+
npm
3,719
NuGet
662
pip
3,391
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
106 advisories
Filter by severity
CSRF leading to delete account in wallabag/wallabag
Moderate
CVE-2023-0737
was published
for
wallabag/wallabag
(Composer)
Nov 15, 2024
Magento Open Source Cross-Site Request Forgery vulnerability
Moderate
CVE-2024-39408
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2024-39410
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2024-39409
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
Moodle CSRF risks due to misuse of confirm_sesskey
Moderate
CVE-2024-38276
was published
for
moodle/moodle
(Composer)
Jun 18, 2024
Zend-Diactoros URL Rewrite vulnerability
Moderate
GHSA-fq4p-86hh-42v9
was published
for
zendframework/zend-diactoros
(Composer)
Jun 7, 2024
Zendframework URL Rewrite vulnerability
Moderate
GHSA-fh7r-58q4-6387
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
Moodle Logout CSRF in admin/tool/mfa/auth.php
Moderate
CVE-2024-34007
was published
for
moodle/moodle
(Composer)
May 31, 2024
Sylius Resource Bundle Cross-Site Request Forgery vulnerability
Moderate
GHSA-65v7-wg35-2qpm
was published
for
sylius/resource-bundle
(Composer)
May 29, 2024
Silverstripe Missing CSRF protection in login form
Moderate
GHSA-vj2j-6g3w-4662
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter
Moderate
GHSA-2hpc-mf4q-j885
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Silverstripe Forum Module CSRF Vulnerability
Moderate
GHSA-w8fq-xgvh-cxc2
was published
for
silverstripe/forum
(Composer)
May 23, 2024
sensiolabs/connect has a Cross-Site Request Forgery Vulnerability
Moderate
GHSA-6wqp-7g94-f69j
was published
for
sensiolabs/connect
(Composer)
May 21, 2024
Cross-Site Request Forgery in Anchor CMS
Moderate
CVE-2024-29338
was published
for
anchorcms/anchor-cms
(Composer)
Mar 22, 2024
Cross-Site Request Forgery in moodle
Moderate
CVE-2024-25982
was published
for
moodle/moodle
(Composer)
Feb 19, 2024
Concrete CMS Cross Site Request Forgery (CSRF)
Moderate
CVE-2023-48652
was published
for
concrete5/concrete5
(Composer)
Dec 25, 2023
Cross-Site Request Forgery (CSRF) in automad/automad
Moderate
CVE-2023-7038
was published
for
automad/automad
(Composer)
Dec 21, 2023
Phpsysinfo Cross Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2023-49006
was published
for
phpsysinfo/phpsysinfo
(Composer)
Dec 19, 2023
baserCMS CSRF vulnerability in Content preview Feature
Moderate
CVE-2023-43649
was published
for
baserproject/basercms
(Composer)
Oct 26, 2023
Wallabag user can reset data unintentionally
Moderate
CVE-2023-4454
was published
for
wallabag/wallabag
(Composer)
Aug 21, 2023
Wallabag user can delete own API client unintentionally
Moderate
CVE-2023-4455
was published
for
wallabag/wallabag
(Composer)
Aug 21, 2023
Duplicate Advisory: Wallabag user can delete own API client unintentionally
Moderate
GHSA-gvvx-fc6p-2h9x
was published
for
wallabag/wallabag
(Composer)
Aug 21, 2023
•
withdrawn
Duplicate Advisory: Wallabag user can reset data unintentionally
Moderate
GHSA-rwpg-4c4c-v3r4
was published
for
wallabag/wallabag
(Composer)
Aug 21, 2023
•
withdrawn
Possible CSRF token fixation
Moderate
CVE-2023-25170
was published
for
prestashop/prestashop
(Composer)
Mar 13, 2023
Cross-Site Request Forgery (CSRF) in wallabag/wallabag
Moderate
CVE-2023-0735
was published
for
wallabag/wallabag
(Composer)
Feb 8, 2023
ProTip!
Advisories are also available from the
GraphQL API