GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,076
Erlang: 29
GitHub Actions: 19
Go: 1,895
Maven: 5,000+
npm: 3,630
NuGet: 638
pip: 3,244
Pub: 10
RubyGems: 862
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
207 advisories
Cross-Site Request Forgery in Anchor CMS
Moderate | CVE-2022-25576 was published for anchorcms/anchor-cms (Composer) | Mar 26, 2022

Cross Site Request Forgery in intelliants/subrion
High | CVE-2020-18326 was published for intelliants/subrion (Composer) | Mar 5, 2022

Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4
Moderate | CVE-2022-24712 was published for codeigniter4/framework (Composer) | Mar 1, 2022

Cross-Site Request Forgery microweber
Moderate | CVE-2022-0638 was published for microweber/microweber (Composer) | Feb 18, 2022

Cross-Site Request Forgery in Drupal core
Moderate | CVE-2020-13674 was published for drupal/core (Composer) | Feb 12, 2022

Cross Site Request Forgery in concrete5/concrete5
High | CVE-2021-22954 was published for concrete5/concrete5 (Composer) | Feb 11, 2022

Cross-Site Request Forgery in CakePHP
Moderate | CVE-2020-15400 was published for cakephp/cakephp (Composer) | Feb 10, 2022

Cross-Site Request Forgery in microweber
Moderate | CVE-2022-0505 was published for microweber/microweber (Composer) | Feb 9, 2022

CSRF token missing in Symfony
High | CVE-2022-23601 was published for symfony/framework-bundle (Composer) | Feb 1, 2022

Cross Site Request Forgery in Moodle
High | CVE-2022-0335 was published for moodle/moodle (Composer) | Jan 28, 2022

Cross-Site Request Forgery in yetiforce
High | CVE-2022-0269 was published for yetiforce/yetiforce-crm (Composer) | Jan 27, 2022

Cross-Site Request Forgery (CSRF) in livehelperchat
Moderate | CVE-2022-0231 was published for remdex/livehelperchat (Composer) | Jan 26, 2022

Cross-Site Request Forgery (CSRF) in livehelperchat
Moderate | CVE-2022-0226 was published for remdex/livehelperchat (Composer) | Jan 26, 2022

Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
Moderate | CVE-2022-0245 was published for livehelperchat/livehelperchat (Composer) | Jan 21, 2022

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate | CVE-2021-4168 was published for showdoc/showdoc (Composer) | Jan 6, 2022

Cross-Site Request Forgery in Moodle
Moderate | CVE-2020-1692 was published for moodle/moodle (Composer) | Jan 6, 2022

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
High | CVE-2021-4131 was published for remdex/livehelperchat (Composer) | Jan 5, 2022

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
High | CVE-2021-4130 was published for snipe/snipe-it (Composer) | Jan 5, 2022

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate | CVE-2021-4123 was published for remdex/livehelperchat (Composer) | Dec 17, 2021

pimcore is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate | CVE-2021-4082 was published for pimcore/pimcore (Composer) | Dec 16, 2021

yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate | CVE-2021-4092 was published for yetiforce/yetiforce-crm (Composer) | Dec 16, 2021

Cross-Site Request Forgery in kimai2
Moderate | CVE-2021-4033 was published for kevinpapst/kimai2 (Composer) | Dec 10, 2021

Cross-Site Request Forgery in remdex/livehelperchat
Low | CVE-2021-4049 was published for remdex/livehelperchat (Composer) | Dec 10, 2021

Cross Site Request Forgery in firefly-iii
Moderate | CVE-2021-4005 was published for grumpydictator/firefly-iii (Composer) | Dec 10, 2021

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate | CVE-2021-4015 was published for grumpydictator/firefly-iii (Composer) | Dec 6, 2021
ProTip! Advisories are also available from the GraphQL API