GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
21 advisories
CSRF and DNS Rebinding in Oasis
Moderate. CVE-2020-11003 was published for @fraction/oasis (npm) on Apr 16, 2020.
Sensitive information exposure through logs in npm-registry-fetch
Moderate. GHSA-jmqm-f2gx-4fjv was published for npm-registry-fetch (npm) on Jul 7, 2020.
CSRF Vulnerability in polaris-website
Moderate. GHSA-whrh-9j4q-g7ph was published for polaris-website (npm) on Aug 5, 2020.
CSRF vulnerability in save-server
Moderate. CVE-2020-15135 was published for save-server (npm) on Aug 4, 2020.
XSS due to lack of CSRF validation for replying/publishing
Moderate. CVE-2020-15156 was published for nodebb-plugin-blog-comments (npm) on Aug 26, 2020.
CSRF Vulnerability in jquery-ujs
Moderate. GHSA-6qqj-rx4w-r3cj was published for jquery-ujs (npm) on Aug 31, 2020.
Lack of protection against cookie tossing attacks in fastify-csrf
Moderate. CVE-2021-29624 was published for fastify-csrf (npm) on May 17, 2021.
NodeBB vulnerable to Cross-Site Request Forgery
Moderate. CVE-2022-3978 was published for nodebb (npm) on Nov 13, 2022.
Fastify: Incorrect Content-Type parsing can lead to CSRF attack
Moderate. CVE-2022-41919 was published for fastify (npm) on Nov 21, 2022.
Cross-site Request Forgery (CSRF) in joplin
Moderate. CVE-2021-23431 was published for joplin (npm) on Sep 2, 2021.
Rosetta-Flash JSONP Vulnerability in hapi
Moderate. CVE-2014-4671 was published for hapi (npm) on Aug 31, 2020.
The graphql-upload library included in Apollo Server 2 is vulnerable to CSRF mutations
Moderate. GHSA-2p3c-p3qw-69r4 was published for apollo-server (npm) on Oct 12, 2022.
@builder.io/qwik-city Cross-Site Request Forgery vulnerability
Moderate. CVE-2023-2307 was published for @builder.io/qwik-city (npm) on Apr 26, 2023.
Bypass of CSRF protection in the presence of predictable userInfo
Moderate. CVE-2023-27495 was published for @fastify/csrf-protection (npm) on Apr 20, 2023.
CSRF token fixation in fastify-passport
Moderate. CVE-2023-29020 was published for @fastify/passport (npm) on Apr 21, 2023.
NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability
Moderate. CVE-2023-45884 was published for openmct (npm) on Nov 9, 2023.
Axios Cross-Site Request Forgery Vulnerability
Moderate. CVE-2023-45857 was published for axios (npm) on Nov 8, 2023.
mongo-express Cross-site Request Forgery vulnerability
Moderate. CVE-2023-52555 was published for mongo-express (npm) on Mar 1, 2024.
Lunary Cross-Site Request Forgery (CSRF) vulnerability
Moderate. CVE-2024-6862 was published for lunary (npm) on Sep 13, 2024.
Hono allows bypass of CSRF Middleware by a request without Content-Type header.
Moderate. CVE-2024-48913 was published for hono (npm) on Oct 15, 2024.
Astro CSRF Middleware Bypass (security.checkOrigin)
Moderate. CVE-2024-56140 was published for astro (npm) on Dec 18, 2024.