GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
30 advisories
Filter by severity
Cross-Site Request Forgery in Spina
Moderate
CVE-2024-7106
was published
for
spina
(RubyGems)
Jul 25, 2024
Possible CSRF attack at questionnaire templates preview
Moderate
CVE-2023-47635
was published
for
decidim-templates
(RubyGems)
Feb 20, 2024
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2
Moderate
CVE-2023-25015
was published
for
clockwork_web
(RubyGems)
Feb 2, 2023
administrate vulnerable to Cross-Site Request Forgery
Moderate
CVE-2016-3098
was published
for
administrate
(RubyGems)
Aug 6, 2022
CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
Low
CVE-2022-31000
was published
for
solidus_backend
(RubyGems)
Jun 1, 2022
Fat Free CRM contains Cross-site Request Forgery vulnerablilities
Moderate
CVE-2013-7223
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Fat Free CRM Cross-Site Request Forgery vulnerability
Moderate
CVE-2015-1585
was published
for
fat_free_crm
(RubyGems)
May 14, 2022
Gem in a Box vulnerable to Cross-site Request Forgery
High
CVE-2017-14683
was published
for
geminabox
(RubyGems)
May 13, 2022
CSRF forgery protection bypass in solidus_frontend
Moderate
CVE-2021-43846
was published
for
solidus_frontend
(RubyGems)
Jan 6, 2022
Authentication Bypass by CSRF Weakness
Critical
GHSA-gpqc-4pp7-5954
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-8xfw-5q82-3652
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-6mqr-q86q-6gwr
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
CVE-2021-41275
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-5629-8855-gf4g
was published
for
solidus_core
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
CVE-2021-41274
was published
for
solidus_auth_devise
(RubyGems)
Nov 18, 2021
Older releases of better_errors open to Cross-Site Request Forgery attack
Moderate
CVE-2021-39197
was published
for
better_errors
(RubyGems)
Sep 7, 2021
Cross-Site Request Forgery (CSRF) in trestle-auth
High
CVE-2021-29435
was published
for
trestle-auth
(RubyGems)
Apr 13, 2021
Cross-Site Request Forgery (CSRF)
Moderate
GHSA-wj5j-xpcj-45gc
was published
for
devise_invitable
(RubyGems)
Feb 24, 2021
•
withdrawn
Field Test CSRF vulnerability
Moderate
CVE-2020-16252
was published
for
field_test
(RubyGems)
Aug 5, 2020
CSRF Vulnerability in rails-ujs
Moderate
CVE-2020-8167
was published
for
actionview
(RubyGems)
Jul 7, 2020
Ability to forge per-form CSRF tokens in Rails
Moderate
CVE-2020-8166
was published
for
actionpack
(RubyGems)
May 26, 2020
OmniAuth Ruby gem Cross-site Request Forgery in request phase
High
CVE-2015-9284
was published
for
omniauth
(RubyGems)
May 29, 2019
Doorkeeper contains Cross-site Request Forgery
Moderate
CVE-2014-8144
was published
for
doorkeeper
(RubyGems)
Sep 17, 2018
Spina gem vulnerable to Cross-site request forgery (CSRF) vulnerability
High
CVE-2015-4619
was published
for
spina
(RubyGems)
Aug 28, 2018
ProTip!
Advisories are also available from the
GraphQL API