GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
311 advisories
Filter by severity
Cross-Site Request Forgery (CSRF) in keystone
High
CVE-2017-16570
was published
for
keystone
(npm)
Nov 30, 2017
Kotti CSRF in the local roles implementation
High
CVE-2018-9856
was published
for
Kotti
(pip)
Jul 12, 2018
Django Cross-Site Request Forgery vulnerability
High
CVE-2011-4140
was published
for
Django
(pip)
Jul 23, 2018
Cross-site request forgery in rails_admin
High
CVE-2016-10522
was published
for
rails_admin
(RubyGems)
Aug 8, 2018
Spina gem vulnerable to Cross-site request forgery (CSRF) vulnerability
High
CVE-2015-4619
was published
for
spina
(RubyGems)
Aug 28, 2018
High severity vulnerability that affects io.vertx:vertx-web
High
CVE-2018-12540
was published
for
io.vertx:vertx-web
(Maven)
Oct 17, 2018
OrientDB-Server vulnerable to Cross-Site Request Forgery
High
CVE-2015-2912
was published
for
com.orientechnologies:orientdb-studio
(Maven)
Oct 18, 2018
Cross-Site Request Forgery (CSRF) in Auth0
High
CVE-2018-6874
was published
for
auth0-js
(npm)
Nov 6, 2018
Cross-Site Request Forgery (CSRF) in Luigi
High
CVE-2018-1000843
was published
for
luigi
(pip)
Dec 20, 2018
Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons
High
CVE-2018-20595
was published
for
org.hswebframework.web:hsweb-commons
(Maven)
Jan 4, 2019
Cross-Site Request Forgery (CSRF) in Apache Airflow
High
CVE-2017-17835
was published
for
apache-airflow
(pip)
Jan 25, 2019
Apache Airflow vulnerable to CSRF Attacks
High
CVE-2019-0229
was published
for
apache-airflow
(pip)
Apr 18, 2019
OmniAuth Ruby gem Cross-site Request Forgery in request phase
High
CVE-2015-9284
was published
for
omniauth
(RubyGems)
May 29, 2019
python-engineio vulnerable to Cross-Site Request Forgery (CSRF)
High
CVE-2019-13611
was published
for
python-engineio
(pip)
Jul 30, 2019
Cross-Site Request Forgery in MicroPyramid Django CRM
High
CVE-2019-11457
was published
for
django-crm
(pip)
Sep 11, 2019
Improper Input Validation and Cross-Site Request Forgery in Keycloak
High
CVE-2019-10199
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 23, 2019
Backend Same-Site Request Forgery in TYPO3 CMS
High
CVE-2020-11069
was published
for
typo3/cms
(Composer)
May 13, 2020
CSRF issue on preview pages in Bolt CMS
High
CVE-2020-4040
was published
for
bolt/bolt
(Composer)
Jun 9, 2020
Observable Timing Discrepancy in OpenMage LTS
High
CVE-2020-15151
was published
for
openmage/magento-lts
(Composer)
Aug 19, 2020
ProTip!
Advisories are also available from the
GraphQL API