GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
211 advisories
Filter by severity
Backend Same-Site Request Forgery in TYPO3 CMS
High
CVE-2020-11069
was published
for
typo3/cms
(Composer)
May 13, 2020
CSRF issue on preview pages in Bolt CMS
High
CVE-2020-4040
was published
for
bolt/bolt
(Composer)
Jun 9, 2020
Observable Timing Discrepancy in OpenMage LTS
High
CVE-2020-15151
was published
for
openmage/magento-lts
(Composer)
Aug 19, 2020
Cross-Site Request Forgery in ForkCMS
High
CVE-2020-23960
was published
for
forkcms/forkcms
(Composer)
May 6, 2021
Cross-Site Request Forgery in MAGMI
Moderate
CVE-2020-5776
was published
for
dweeves/magmi
(Composer)
May 6, 2021
Predictable CSRF tokens in centreon/centreon
Moderate
CVE-2021-28055
was published
for
centreon/centreon
(Composer)
Jun 8, 2021
Cross-Site Request Forgery in forkcms
High
CVE-2020-23264
was published
for
forkcms/forkcms
(Composer)
Jun 22, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3729
was published
for
grumpydictator/firefly-iii
(Composer)
Aug 25, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3730
was published
for
grumpydictator/firefly-iii
(Composer)
Aug 25, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3728
was published
for
grumpydictator/firefly-iii
(Composer)
Aug 25, 2021
Improper Restriction of Rendered UI Layers or Frames in yourls
Moderate
CVE-2021-3734
was published
for
yourls/yourls
(Composer)
Aug 30, 2021
Cross-Site Request Forgery in firefly-iii
Moderate
CVE-2021-3819
was published
for
grumpydictator/firefly-iii
(Composer)
Sep 29, 2021
Cross-Site Request Forgery in GilaCMS
High
CVE-2020-20693
was published
for
gilacms/gila
(Composer)
Sep 30, 2021
Cross-Site-Request-Forgery in Backend
High
CVE-2021-41113
was published
for
typo3/cms
(Composer)
Oct 5, 2021
Cross-Site Request Forgery in snipe-it
Moderate
CVE-2021-3858
was published
for
snipe/snipe-it
(Composer)
Oct 21, 2021
pterodactyl/panel CSRF allowing an external page to trigger a user logout event
Low
CVE-2021-41176
was published
for
pterodactyl/panel
(Composer)
Oct 25, 2021
Cross-Site Request Forgery in firefly-iii
Low
CVE-2021-3901
was published
for
grumpydictator/firefly-iii
(Composer)
Oct 28, 2021
Cross-Site Request Forgery in firefly-iii
Moderate
CVE-2021-3900
was published
for
grumpydictator/firefly-iii
(Composer)
Oct 28, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3776
was published
for
showdoc/showdoc
(Composer)
Nov 15, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3683
was published
for
showdoc/showdoc
(Composer)
Nov 15, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3775
was published
for
showdoc/showdoc
(Composer)
Nov 15, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3921
was published
for
grumpydictator/firefly-iii
(Composer)
Nov 15, 2021
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3931
was published
for
snipe/snipe-it
(Composer)
Nov 15, 2021
twill is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3932
was published
for
area17/twill
(Composer)
Nov 15, 2021
Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys
Moderate
CVE-2021-41273
was published
for
pterodactyl/panel
(Composer)
Nov 18, 2021
ProTip!
Advisories are also available from the
GraphQL API