Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

207 advisories

Loading
Cross-Site Request Forgery in Anchor CMS Moderate
CVE-2022-25576 was published for anchorcms/anchor-cms (Composer) Mar 26, 2022
Cross Site Request Forgery in intelliants/subrion High
CVE-2020-18326 was published for intelliants/subrion (Composer) Mar 5, 2022
Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4 Moderate
CVE-2022-24712 was published for codeigniter4/framework (Composer) Mar 1, 2022
Cross-Site Request Forgery microweber Moderate
CVE-2022-0638 was published for microweber/microweber (Composer) Feb 18, 2022
Cross-Site Request Forgery in Drupal core Moderate
CVE-2020-13674 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607
Cross Site Request Forgery in concrete5/concrete5 High
CVE-2021-22954 was published for concrete5/concrete5 (Composer) Feb 11, 2022
Cross-Site Request Forgery in CakePHP Moderate
CVE-2020-15400 was published for cakephp/cakephp (Composer) Feb 10, 2022
markstory
Cross-Site Request Forgery in microweber Moderate
CVE-2022-0505 was published for microweber/microweber (Composer) Feb 9, 2022
CSRF token missing in Symfony High
CVE-2022-23601 was published for symfony/framework-bundle (Composer) Feb 1, 2022
jderusse nexxome
ovrflo
Cross Site Request Forgery in Moodle High
CVE-2022-0335 was published for moodle/moodle (Composer) Jan 28, 2022
Cross-Site Request Forgery in yetiforce High
CVE-2022-0269 was published for yetiforce/yetiforce-crm (Composer) Jan 27, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat Moderate
CVE-2022-0231 was published for remdex/livehelperchat (Composer) Jan 26, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat Moderate
CVE-2022-0226 was published for remdex/livehelperchat (Composer) Jan 26, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat Moderate
CVE-2022-0245 was published for livehelperchat/livehelperchat (Composer) Jan 21, 2022
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4168 was published for showdoc/showdoc (Composer) Jan 6, 2022
Cross-Site Request Forgery in Moodle Moderate
CVE-2020-1692 was published for moodle/moodle (Composer) Jan 6, 2022
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2021-4131 was published for remdex/livehelperchat (Composer) Jan 5, 2022
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2021-4130 was published for snipe/snipe-it (Composer) Jan 5, 2022
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4123 was published for remdex/livehelperchat (Composer) Dec 17, 2021
pimcore is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4082 was published for pimcore/pimcore (Composer) Dec 16, 2021
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4092 was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021
Cross-Site Request Forgery in kimai2 Moderate
CVE-2021-4033 was published for kevinpapst/kimai2 (Composer) Dec 10, 2021
Cross-Site Request Forgery in remdex/livehelperchat Low
CVE-2021-4049 was published for remdex/livehelperchat (Composer) Dec 10, 2021
Cross Site Request Forgery in firefly-iii Moderate
CVE-2021-4005 was published for grumpydictator/firefly-iii (Composer) Dec 10, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4015 was published for grumpydictator/firefly-iii (Composer) Dec 6, 2021
ProTip! Advisories are also available from the GraphQL API