Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

21 advisories

Loading
Moderate severity vulnerability that affects django Moderate
CVE-2011-4140 was published for django (pip) Jul 23, 2018
Modoboa is vulnerable to Cross-Site Request Forgery Moderate
CVE-2023-0398 was published for modoboa (pip) Jan 19, 2023
Cross-Site Request Forgery in modoboa Moderate
CVE-2023-0438 was published for modoboa (pip) Jan 23, 2023
Cross-Site Request Forgery in modoboa Moderate
CVE-2023-0406 was published for modoboa (pip) Jan 19, 2023
rdiffweb vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-4646 was published for rdiffweb (pip) Dec 22, 2022
rdiffweb CSRF vulnerability in admin area can lead to deletion of repositories and users Moderate
CVE-2022-3232 was published for rdiffweb (pip) Sep 18, 2022
rdiffweb CSRF could lead to disabling notifications in user profile Moderate
CVE-2022-3233 was published for rdiffweb (pip) Sep 22, 2022
rdiffweb Cross-Site Request Forgery vulnerability Moderate
CVE-2022-3267 was published for rdiffweb (pip) Sep 23, 2022
Plone contains Cross-site Request Forgery Moderate
CVE-2012-5500 was published for plone (pip) May 17, 2022
Web2py Cross-Site Request Forgery vulnerability Moderate
CVE-2016-4808 was published for web2py (pip) May 17, 2022
Cross-Site Request Forgery in JupyterHub Moderate
CVE-2020-36191 was published for jupyterhub (pip) May 24, 2022
modoboa Cross-Site Request Forgery vulnerability Moderate
CVE-2023-5690 was published for modoboa (pip) Oct 20, 2023
modoboa vulnerable to Cross-Site Request Forgery Moderate
CVE-2023-2228 was published for modoboa (pip) Apr 21, 2023
Apache Airflow Cross-Site Request Forgery vulnerability Moderate
CVE-2023-49920 was published for apache-airflow (pip) Dec 21, 2023
furlongm openvpn-monitor allows CSRF to disconnect an arbitrary client Moderate
CVE-2021-31604 was published for openvpn-monitor (pip) May 24, 2022
Plone Cross-site request forgery (CSRF) Moderate
CVE-2008-0164 was published for Plone (pip) May 1, 2022
Cross-site request forgery in Django Moderate
CVE-2011-0696 was published for django (pip) Jul 23, 2018
MarkLee131
Duplicate Advisory: Cross-Site Request Forgery in Gradio Moderate
GHSA-3x9g-xfj5-fq84 was published for gradio (pip) Mar 21, 2024 withdrawn
Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files Moderate
CVE-2024-1727 was published for gradio (pip) May 21, 2024
Django cross-site request forgery (CSRF) vulnerability Moderate
CVE-2008-3909 was published for django (pip) May 2, 2022
MarkLee131
archivy is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4162 was published for archivy (pip) Jan 6, 2022
westonsteimel
ProTip! Advisories are also available from the GraphQL API