GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,071
Erlang
29
GitHub Actions
19
Go
1,893
Maven
5,000+
npm
3,630
NuGet
638
pip
3,243
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
349 advisories
Filter by severity
Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4
Moderate
CVE-2022-24712
was published
for
codeigniter4/framework
(Composer)
Mar 1, 2022
Cross-Site Request Forgery microweber
Moderate
CVE-2022-0638
was published
for
microweber/microweber
(Composer)
Feb 18, 2022
Jenkins Snow Commander Plugin 2.0 vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-25192
was published
for
io.jenkins.plugins:embotics-vcommander
(Maven)
Feb 16, 2022
CSRF vulnerability in Jenkins Checkmarx Plugin allow capturing credentials
Moderate
CVE-2022-25200
was published
for
com.checkmarx.jenkins:checkmarx
(Maven)
Feb 16, 2022
CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials
Moderate
CVE-2022-25212
was published
for
org.continuousassurance.swamp.jenkins:swamp
(Maven)
Feb 16, 2022
Cross-Site Request Forgery in Drupal core
Moderate
CVE-2020-13674
was published
for
drupal/core
(Composer)
Feb 12, 2022
Cross-Site Request Forgery in CakePHP
Moderate
CVE-2020-15400
was published
for
cakephp/cakephp
(Composer)
Feb 10, 2022
Cross-Site Request Forgery
Moderate
CVE-2020-7780
was published
for
com.softwaremill.akka-http-session:core_2.11
(Maven)
Feb 9, 2022
Cross-Site Request Forgery in microweber
Moderate
CVE-2022-0505
was published
for
microweber/microweber
(Composer)
Feb 9, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat
Moderate
CVE-2022-0231
was published
for
remdex/livehelperchat
(Composer)
Jan 26, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat
Moderate
CVE-2022-0226
was published
for
remdex/livehelperchat
(Composer)
Jan 26, 2022
Cross-Site Request Forgery in Jenkins
Moderate
CVE-2022-20612
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jan 21, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
Moderate
CVE-2022-0245
was published
for
livehelperchat/livehelperchat
(Composer)
Jan 21, 2022
Cross-Site Request Forgery in Jenkins Mailer Plugin
Moderate
CVE-2022-20613
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
Jan 13, 2022
CSRF vulnerability in Jenkins batch task Plugin
Moderate
CVE-2022-23115
was published
for
org.jenkins-ci.plugins:batch-task
(Maven)
Jan 13, 2022
CSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin
Moderate
CVE-2022-23111
was published
for
org.jenkins-ci.plugins:publish-over-ssh
(Maven)
Jan 13, 2022
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-4168
was published
for
showdoc/showdoc
(Composer)
Jan 6, 2022
archivy is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-4162
was published
for
archivy
(pip)
Jan 6, 2022
Cross-Site Request Forgery in Moodle
Moderate
CVE-2020-1692
was published
for
moodle/moodle
(Composer)
Jan 6, 2022
CSRF forgery protection bypass in solidus_frontend
Moderate
CVE-2021-43846
was published
for
solidus_frontend
(RubyGems)
Jan 6, 2022
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-4123
was published
for
remdex/livehelperchat
(Composer)
Dec 17, 2021
pimcore is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-4082
was published
for
pimcore/pimcore
(Composer)
Dec 16, 2021
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-4092
was published
for
yetiforce/yetiforce-crm
(Composer)
Dec 16, 2021
Cross-Site Request Forgery in kimai2
Moderate
CVE-2021-4033
was published
for
kevinpapst/kimai2
(Composer)
Dec 10, 2021
Cross Site Request Forgery in firefly-iii
Moderate
CVE-2021-4005
was published
for
grumpydictator/firefly-iii
(Composer)
Dec 10, 2021
ProTip!
Advisories are also available from the
GraphQL API