Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

54 advisories

Loading
Kotti CSRF in the local roles implementation High
CVE-2018-9856 was published for Kotti (pip) Jul 12, 2018
Cross-Site Request Forgery in JupyterHub Moderate
CVE-2020-36191 was published for jupyterhub (pip) May 24, 2022
Qutebrowser CSRF Vulnerability High
CVE-2018-10895 was published for qutebrowser (pip) Oct 10, 2018
MicroPyramid Django-CRM CSRF High
CVE-2018-16552 was published for Django-CRM (pip) May 13, 2022
Cross-Site Request Forgery in sqlite-web High
CVE-2021-23404 was published for sqlite-web (pip) Sep 9, 2021
Web2py Cross-Site Request Forgery vulnerability Moderate
CVE-2016-4808 was published for web2py (pip) May 17, 2022
django-cms CSRF Vulnerability High
CVE-2015-5081 was published for django-cms (pip) May 17, 2022
Mirumee Saleor CSRF Protection Disabled High
CVE-2019-13594 was published for saleor (pip) May 24, 2022
Kallithea Routes CSRF Bypass High
CVE-2016-3691 was published for kallithea (pip) May 13, 2022
Plone contains Cross-site Request Forgery Moderate
CVE-2012-5500 was published for plone (pip) May 17, 2022
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2021-4164 was published for calibreweb (pip) Jan 21, 2022
CSRF can expose users authentication token High
CVE-2021-21241 was published for Flask-Security-Too (pip) Jan 11, 2021
Cross-Site Request Forgery in MicroPyramid Django CRM High
CVE-2019-11457 was published for django-crm (pip) Sep 11, 2019
rdiffweb Cross-Site Request Forgery vulnerability Moderate
CVE-2022-3267 was published for rdiffweb (pip) Sep 23, 2022
rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed High
CVE-2022-3274 was published for rdiffweb (pip) Sep 23, 2022
rdiffweb CSRF could lead to disabling notifications in user profile Moderate
CVE-2022-3233 was published for rdiffweb (pip) Sep 22, 2022
rdiffweb CSRF vulnerability in admin area can lead to deletion of repositories and users Moderate
CVE-2022-3232 was published for rdiffweb (pip) Sep 18, 2022
rdiffweb vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-4646 was published for rdiffweb (pip) Dec 22, 2022
IPython vulnerable to cross site request forgery (CSRF) High
CVE-2015-5607 was published for ipython (pip) May 17, 2022
rdiffweb CSRF vulnerability in profile's SSH keys can lead to unauthorized access High
CVE-2022-3221 was published for rdiffweb (pip) Sep 16, 2022
Cross-Site Request Forgery in modoboa Moderate
CVE-2023-0406 was published for modoboa (pip) Jan 19, 2023
Cross Site Request Forgery in mailman High
CVE-2021-44227 was published for mailman (pip) Dec 16, 2021
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints High
CVE-2022-43719 was published for apache-superset (pip) Jan 16, 2023
Cross-Site Request Forgery in modoboa Moderate
CVE-2023-0438 was published for modoboa (pip) Jan 23, 2023
Modoboa is vulnerable to Cross-Site Request Forgery Moderate
CVE-2023-0398 was published for modoboa (pip) Jan 19, 2023
ProTip! Advisories are also available from the GraphQL API