Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

108 advisories

Loading
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability Moderate
CVE-2023-48651 was published for concrete5/concrete5 (Composer) Feb 29, 2024
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability Moderate
CVE-2023-48653 was published for concrete5/concrete5 (Composer) Feb 29, 2024
CSRF leading to delete account in wallabag/wallabag Moderate
CVE-2023-0737 was published for wallabag/wallabag (Composer) Nov 15, 2024
Cross-Site Request Forgery in Anchor CMS Moderate
CVE-2024-29338 was published for anchorcms/anchor-cms (Composer) Mar 22, 2024
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2024-39410 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2024-39409 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Open Source Cross-Site Request Forgery vulnerability Moderate
CVE-2024-39408 was published for magento/community-edition (Composer) Aug 14, 2024
Cross-Site Request Forgery (CSRF) in automad/automad Moderate
CVE-2023-7038 was published for automad/automad (Composer) Dec 21, 2023
marcantondahmen
Moodle CSRF risks due to misuse of confirm_sesskey Moderate
CVE-2024-38276 was published for moodle/moodle (Composer) Jun 18, 2024
Zend-Diactoros URL Rewrite vulnerability Moderate
GHSA-fq4p-86hh-42v9 was published for zendframework/zend-diactoros (Composer) Jun 7, 2024
Zendframework URL Rewrite vulnerability Moderate
GHSA-fh7r-58q4-6387 was published for zendframework/zendframework (Composer) Jun 7, 2024
Moodle Logout CSRF in admin/tool/mfa/auth.php Moderate
CVE-2024-34007 was published for moodle/moodle (Composer) May 31, 2024
Sylius Resource Bundle Cross-Site Request Forgery vulnerability Moderate
GHSA-65v7-wg35-2qpm was published for sylius/resource-bundle (Composer) May 29, 2024
Silverstripe Missing CSRF protection in login form Moderate
GHSA-vj2j-6g3w-4662 was published for silverstripe/framework (Composer) May 23, 2024
Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter Moderate
GHSA-2hpc-mf4q-j885 was published for silverstripe/framework (Composer) May 23, 2024
Silverstripe Forum Module CSRF Vulnerability Moderate
GHSA-w8fq-xgvh-cxc2 was published for silverstripe/forum (Composer) May 23, 2024
sensiolabs/connect has a Cross-Site Request Forgery Vulnerability Moderate
GHSA-6wqp-7g94-f69j was published for sensiolabs/connect (Composer) May 21, 2024
PyroCMS Vulnerable to CSRF Moderate
CVE-2020-25262 was published for pyrocms/pyrocms (Composer) May 24, 2022
SilverStripe Denial of Service on flush and development URL tools Moderate
CVE-2019-12246 was published for silverstripe/framework (Composer) May 24, 2022
ThinkCMF Cross Site Request Forgerly (CSRF) vulnerability Moderate
CVE-2020-18151 was published for thinkcmf/thinkcmf (Composer) May 24, 2022
EC-CUBE Cross-site request forgery (CSRF) vulnerability Moderate
CVE-2021-20842 was published for ec-cube/ec-cube (Composer) May 24, 2022
NukeViet Cross-Site Request Forgery (CSRF) Moderate
CVE-2020-13157 was published for nukeviet/nukeviet (Composer) May 24, 2022
NukeViet Cross-Site Request Forgery (CSRF) Moderate
CVE-2020-13156 was published for nukeviet/nukeviet (Composer) May 24, 2022
Comments plugin Cross-Site Request Forgery (CSRF) Moderate
CVE-2020-13868 was published for verbb/comments (Composer) May 24, 2022
phpBB Cross-Site Request Forgery (CSRF) Moderate
CVE-2019-13376 was published for phpbb/phpbb (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API