GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
30 advisories
Filter by severity
Cross-Site Request Forgery in Spina
Moderate
CVE-2024-7106
was published
for
spina
(RubyGems)
Jul 25, 2024
Possible CSRF attack at questionnaire templates preview
Moderate
CVE-2023-47635
was published
for
decidim-templates
(RubyGems)
Feb 20, 2024
OmniAuth Ruby gem Cross-site Request Forgery in request phase
High
CVE-2015-9284
was published
for
omniauth
(RubyGems)
May 29, 2019
omniauth-facebook Cross-Site Request Forgery vulnerability
Moderate
CVE-2013-4562
was published
for
omniauth-facebook
(RubyGems)
Oct 24, 2017
Cross-site request forgery in rails_admin
High
CVE-2016-10522
was published
for
rails_admin
(RubyGems)
Aug 8, 2018
actionpack Cross-Site Request Forgery vulnerability
Moderate
CVE-2011-0447
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Doorkeeper contains Cross-site Request Forgery
Moderate
CVE-2014-8144
was published
for
doorkeeper
(RubyGems)
Sep 17, 2018
Spina gem vulnerable to Cross-site request forgery (CSRF) vulnerability
High
CVE-2015-4619
was published
for
spina
(RubyGems)
Aug 28, 2018
omniauth-oauth2 Cross-Site Request Forgery vulnerability
Moderate
CVE-2012-6134
was published
for
omniauth-oauth2
(RubyGems)
Oct 24, 2017
CSRF Vulnerability in rails-ujs
Moderate
CVE-2020-8167
was published
for
actionview
(RubyGems)
Jul 7, 2020
Ability to forge per-form CSRF tokens in Rails
Moderate
CVE-2020-8166
was published
for
actionpack
(RubyGems)
May 26, 2020
Field Test CSRF vulnerability
Moderate
CVE-2020-16252
was published
for
field_test
(RubyGems)
Aug 5, 2020
Authentication Bypass by CSRF Weakness
Critical
GHSA-6mqr-q86q-6gwr
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-8xfw-5q82-3652
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-gpqc-4pp7-5954
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
rails is vulnerable to CRLF injection
Moderate
CVE-2008-5189
was published
for
rails
(RubyGems)
Oct 24, 2017
Cross-Site Request Forgery (CSRF) in trestle-auth
High
CVE-2021-29435
was published
for
trestle-auth
(RubyGems)
Apr 13, 2021
Authentication Bypass by CSRF Weakness
Critical
CVE-2021-41274
was published
for
solidus_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
CVE-2021-41275
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
CSRF forgery protection bypass in solidus_frontend
Moderate
CVE-2021-43846
was published
for
solidus_frontend
(RubyGems)
Jan 6, 2022
CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
Low
CVE-2022-31000
was published
for
solidus_backend
(RubyGems)
Jun 1, 2022
Older releases of better_errors open to Cross-Site Request Forgery attack
Moderate
CVE-2021-39197
was published
for
better_errors
(RubyGems)
Sep 7, 2021
Fat Free CRM Cross-Site Request Forgery vulnerability
Moderate
CVE-2015-1585
was published
for
fat_free_crm
(RubyGems)
May 14, 2022
Gem in a Box vulnerable to Cross-site Request Forgery
High
CVE-2017-14683
was published
for
geminabox
(RubyGems)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API