GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,985
Erlang
29
GitHub Actions
16
Go
1,774
Maven
5,000
npm
3,541
NuGet
617
pip
3,123
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
5,757 advisories
Filter by severity
Cross-Site Request Forgery in firefly-iii
Low
CVE-2021-3901
was published
for
grumpydictator/firefly-iii
(Composer)
Oct 28, 2021
pterodactyl/panel CSRF allowing an external page to trigger a user logout event
Low
CVE-2021-41176
was published
for
pterodactyl/panel
(Composer)
Oct 25, 2021
Cross-Site Request Forgery in snipe-it
Moderate
CVE-2021-3858
was published
for
snipe/snipe-it
(Composer)
Oct 21, 2021
Cross Site Request Forgery in kindeditor
High
CVE-2021-42228
was published
for
kindeditor
(npm)
Oct 18, 2021
Cross-Site-Request-Forgery in Backend
High
CVE-2021-41113
was published
for
typo3/cms
(Composer)
Oct 5, 2021
Cross-Site Request Forgery in GilaCMS
High
CVE-2020-20693
was published
for
gilacms/gila
(Composer)
Sep 30, 2021
Cross-Site Request Forgery in firefly-iii
Moderate
CVE-2021-3819
was published
for
grumpydictator/firefly-iii
(Composer)
Sep 29, 2021
Cross-Site Request Forgery in sqlite-web
High
CVE-2021-23404
was published
for
sqlite-web
(pip)
Sep 9, 2021
Older releases of better_errors open to Cross-Site Request Forgery attack
Moderate
CVE-2021-39197
was published
for
better_errors
(RubyGems)
Sep 7, 2021
Cross-site Request Forgery (CSRF) in joplin
Moderate
CVE-2021-23431
was published
for
joplin
(npm)
Sep 2, 2021
Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server
High
CVE-2021-39133
was published
for
org.rundeck:rundeck-core
(Maven)
Sep 1, 2021
Cross-Site Request Forgery in express-cart
High
CVE-2020-22403
was published
for
express-cart
(npm)
Aug 30, 2021
Improper Restriction of Rendered UI Layers or Frames in yourls
Moderate
CVE-2021-3734
was published
for
yourls/yourls
(Composer)
Aug 30, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3728
was published
for
grumpydictator/firefly-iii
(Composer)
Aug 25, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3730
was published
for
grumpydictator/firefly-iii
(Composer)
Aug 25, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-3729
was published
for
grumpydictator/firefly-iii
(Composer)
Aug 25, 2021
No CSRF protection on the password change form
Moderate
CVE-2021-32730
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Jul 2, 2021
Cross-Site Request Forgery in forkcms
High
CVE-2020-23264
was published
for
forkcms/forkcms
(Composer)
Jun 22, 2021
Cryptographically weak CSRF tokens in Apache MyFaces
High
CVE-2021-26296
was published
for
org.apache.myfaces.core:myfaces-core-module
(Maven)
Jun 16, 2021
Cross-Site Request Forgery in the Jenkins Claim plugin
Moderate
CVE-2021-21620
was published
for
org.jenkins-ci.plugins:claim
(Maven)
Jun 16, 2021
CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin allows capturing credentials
High
CVE-2021-21652
was published
for
org.jenkins-ci.plugins:xray-connector
(Maven)
Jun 16, 2021
Cross-Site Request Forgery (CSRF) in FastAPI
High
CVE-2021-32677
was published
for
fastapi
(pip)
Jun 10, 2021
Predictable CSRF tokens in centreon/centreon
Moderate
CVE-2021-28055
was published
for
centreon/centreon
(Composer)
Jun 8, 2021
Cross-Site Request Forgery in OpenNMS Horizon
High
CVE-2021-25931
was published
for
org.opennms:opennms
(Maven)
May 25, 2021
Cross-Site Request Forgery in OpenNMS Horizon
Moderate
CVE-2021-25930
was published
for
org.opennms:opennms
(Maven)
May 25, 2021
ProTip!
Advisories are also available from the
GraphQL API