GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
108 advisories
Filter by severity
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2023-48651
was published
for
concrete5/concrete5
(Composer)
Feb 29, 2024
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2023-48653
was published
for
concrete5/concrete5
(Composer)
Feb 29, 2024
CSRF leading to delete account in wallabag/wallabag
Moderate
CVE-2023-0737
was published
for
wallabag/wallabag
(Composer)
Nov 15, 2024
Cross-Site Request Forgery in Anchor CMS
Moderate
CVE-2024-29338
was published
for
anchorcms/anchor-cms
(Composer)
Mar 22, 2024
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2024-39410
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2024-39409
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
Magento Open Source Cross-Site Request Forgery vulnerability
Moderate
CVE-2024-39408
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
Cross-Site Request Forgery (CSRF) in automad/automad
Moderate
CVE-2023-7038
was published
for
automad/automad
(Composer)
Dec 21, 2023
Moodle CSRF risks due to misuse of confirm_sesskey
Moderate
CVE-2024-38276
was published
for
moodle/moodle
(Composer)
Jun 18, 2024
Zend-Diactoros URL Rewrite vulnerability
Moderate
GHSA-fq4p-86hh-42v9
was published
for
zendframework/zend-diactoros
(Composer)
Jun 7, 2024
Zendframework URL Rewrite vulnerability
Moderate
GHSA-fh7r-58q4-6387
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
Moodle Logout CSRF in admin/tool/mfa/auth.php
Moderate
CVE-2024-34007
was published
for
moodle/moodle
(Composer)
May 31, 2024
Sylius Resource Bundle Cross-Site Request Forgery vulnerability
Moderate
GHSA-65v7-wg35-2qpm
was published
for
sylius/resource-bundle
(Composer)
May 29, 2024
Silverstripe Missing CSRF protection in login form
Moderate
GHSA-vj2j-6g3w-4662
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter
Moderate
GHSA-2hpc-mf4q-j885
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Silverstripe Forum Module CSRF Vulnerability
Moderate
GHSA-w8fq-xgvh-cxc2
was published
for
silverstripe/forum
(Composer)
May 23, 2024
sensiolabs/connect has a Cross-Site Request Forgery Vulnerability
Moderate
GHSA-6wqp-7g94-f69j
was published
for
sensiolabs/connect
(Composer)
May 21, 2024
PyroCMS Vulnerable to CSRF
Moderate
CVE-2020-25262
was published
for
pyrocms/pyrocms
(Composer)
May 24, 2022
SilverStripe Denial of Service on flush and development URL tools
Moderate
CVE-2019-12246
was published
for
silverstripe/framework
(Composer)
May 24, 2022
ThinkCMF Cross Site Request Forgerly (CSRF) vulnerability
Moderate
CVE-2020-18151
was published
for
thinkcmf/thinkcmf
(Composer)
May 24, 2022
EC-CUBE Cross-site request forgery (CSRF) vulnerability
Moderate
CVE-2021-20842
was published
for
ec-cube/ec-cube
(Composer)
May 24, 2022
NukeViet Cross-Site Request Forgery (CSRF)
Moderate
CVE-2020-13157
was published
for
nukeviet/nukeviet
(Composer)
May 24, 2022
NukeViet Cross-Site Request Forgery (CSRF)
Moderate
CVE-2020-13156
was published
for
nukeviet/nukeviet
(Composer)
May 24, 2022
Comments plugin Cross-Site Request Forgery (CSRF)
Moderate
CVE-2020-13868
was published
for
verbb/comments
(Composer)
May 24, 2022
phpBB Cross-Site Request Forgery (CSRF)
Moderate
CVE-2019-13376
was published
for
phpbb/phpbb
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API