GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
106 advisories
Filter by severity
Cross-Site Request Forgery (CSRF) in livehelperchat
Moderate
CVE-2022-0226
was published
for
remdex/livehelperchat
(Composer)
Jan 26, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
Moderate
CVE-2022-0245
was published
for
livehelperchat/livehelperchat
(Composer)
Jan 21, 2022
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-4168
was published
for
showdoc/showdoc
(Composer)
Jan 6, 2022
Cross-Site Request Forgery in Moodle
Moderate
CVE-2020-1692
was published
for
moodle/moodle
(Composer)
Jan 6, 2022
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-4123
was published
for
remdex/livehelperchat
(Composer)
Dec 17, 2021
pimcore is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-4082
was published
for
pimcore/pimcore
(Composer)
Dec 16, 2021
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-4092
was published
for
yetiforce/yetiforce-crm
(Composer)
Dec 16, 2021
Cross-Site Request Forgery in kimai2
Moderate
CVE-2021-4033
was published
for
kevinpapst/kimai2
(Composer)
Dec 10, 2021
Cross Site Request Forgery in firefly-iii
Moderate
CVE-2021-4005
was published
for
grumpydictator/firefly-iii
(Composer)
Dec 10, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-4015
was published
for
grumpydictator/firefly-iii
(Composer)
Dec 6, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3993
was published
for
showdoc/showdoc
(Composer)
Dec 3, 2021
Cross-site Scripting in kimai2
Moderate
CVE-2021-3976
was published
for
kevinpapst/kimai2
(Composer)
Nov 23, 2021
Cross-site Scripting in kimai2
Moderate
CVE-2021-3963
was published
for
kevinpapst/kimai2
(Composer)
Nov 23, 2021
Cross-site Scripting in kimai2
Moderate
CVE-2021-3957
was published
for
kevinpapst/kimai2
(Composer)
Nov 23, 2021
The disqualify lead action may be executed without CSRF token check
Moderate
CVE-2021-39198
was published
for
oro/crm
(Composer)
Nov 19, 2021
Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys
Moderate
CVE-2021-41273
was published
for
pterodactyl/panel
(Composer)
Nov 18, 2021
twill is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3932
was published
for
area17/twill
(Composer)
Nov 15, 2021
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3931
was published
for
snipe/snipe-it
(Composer)
Nov 15, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3921
was published
for
grumpydictator/firefly-iii
(Composer)
Nov 15, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3775
was published
for
showdoc/showdoc
(Composer)
Nov 15, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3683
was published
for
showdoc/showdoc
(Composer)
Nov 15, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3776
was published
for
showdoc/showdoc
(Composer)
Nov 15, 2021
Cross-Site Request Forgery in firefly-iii
Moderate
CVE-2021-3900
was published
for
grumpydictator/firefly-iii
(Composer)
Oct 28, 2021
Cross-Site Request Forgery in snipe-it
Moderate
CVE-2021-3858
was published
for
snipe/snipe-it
(Composer)
Oct 21, 2021
Cross-Site Request Forgery in firefly-iii
Moderate
CVE-2021-3819
was published
for
grumpydictator/firefly-iii
(Composer)
Sep 29, 2021
ProTip!
Advisories are also available from the
GraphQL API