GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
CSRF Vuln can expose user's QRcode
Low
GHSA-fxq4-r6mr-9x64
was published
for
Flask-Security-Too
(pip)
Apr 8, 2021
pterodactyl/panel CSRF allowing an external page to trigger a user logout event
Low
CVE-2021-41176
was published
for
pterodactyl/panel
(Composer)
Oct 25, 2021
Cross-Site Request Forgery in firefly-iii
Low
CVE-2021-3901
was published
for
grumpydictator/firefly-iii
(Composer)
Oct 28, 2021
bookstack is vulnerable to Cross-Site Request Forgery (CSRF)
Low
CVE-2021-3944
was published
for
ssddanbrown/bookstack
(Composer)
Dec 3, 2021
Cross-Site Request Forgery in remdex/livehelperchat
Low
CVE-2021-4049
was published
for
remdex/livehelperchat
(Composer)
Dec 10, 2021
Cross-Site Request Forgery in YOURLS
Low
CVE-2022-0088
was published
for
yourls/yourls
(Composer)
Apr 4, 2022
CSRF vulnerability in Jenkins Amazon EC2 Plugin
Low
CVE-2020-2090
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 24, 2022
CSRF vulnerability in Amazon EC2 Plugin
Low
CVE-2020-2186
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 24, 2022
OpenCart Cross-Site Request Forgery (CSRF)
Low
CVE-2020-28838
was published
for
opencart/opencart
(Composer)
May 24, 2022
CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
Low
CVE-2022-31000
was published
for
solidus_backend
(RubyGems)
Jun 1, 2022
Tailscale daemon is vulnerable to information disclosure via CSRF
Low
CVE-2022-41925
was published
for
tailscale.com/cmd
(Go)
Nov 21, 2022
CSRF vulnerability in Synopsys Jenkins Coverity Plugin
Low
CVE-2023-23847
was published
for
org.jenkins-ci.plugins:synopsys-coverity
(Maven)
Feb 15, 2023
CSRF vulnerability in Jenkins Frugal Testing Plugin
Low
CVE-2023-41946
was published
for
io.jenkins.plugins:frugal-testing
(Maven)
Sep 6, 2023
Mattermost Jira Plugin vulnerable to Cross-Site Request Forgery
Low
CVE-2024-23319
was published
for
github.com/mattermost/mattermost-plugin-jira
(Go)
Feb 9, 2024
Firebase vulnerable to CRSF attack
Low
CVE-2024-4128
was published
for
firebase-tools
(npm)
May 2, 2024
ProcessWire Cross Site Request Forgery vulnerability
Low
CVE-2024-41597
was published
for
processwire/processwire
(Composer)
Jul 19, 2024
ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF
Low
CVE-2024-41811
was published
for
ipl/web
(Composer)
Aug 5, 2024
Hono CSRF middleware can be bypassed using crafted Content-Type header
Low
CVE-2024-43787
was published
for
hono
(npm)
Aug 22, 2024
LocalAI Cross-site Scripting vulnerability
Low
CVE-2024-48057
was published
for
github.com/mudler/LocalAI
(Go)
Nov 5, 2024
ProTip!
Advisories are also available from the
GraphQL API