Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

349 advisories

Loading
Lunary Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2024-6862 was published for lunary (npm) Sep 13, 2024
Hono CSRF middleware can be bypassed using crafted Content-Type header Moderate
CVE-2024-43787 was published for hono (npm) Aug 22, 2024
wataru-chocola
Mattermost Cross-Site Request Forgery vulnerability Moderate
CVE-2024-40886 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2024-39410 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2024-39409 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Open Source Cross-Site Request Forgery vulnerability Moderate
CVE-2024-39408 was published for magento/community-edition (Composer) Aug 14, 2024
Cross-Site Request Forgery in Spina Moderate
CVE-2024-7106 was published for spina (RubyGems) Jul 25, 2024
ProcessWire Cross Site Request Forgery vulnerability Moderate
CVE-2024-41597 was published for processwire/processwire (Composer) Jul 19, 2024
Moodle CSRF risks due to misuse of confirm_sesskey Moderate
CVE-2024-38276 was published for moodle/moodle (Composer) Jun 18, 2024
Zend-Diactoros URL Rewrite vulnerability Moderate
GHSA-fq4p-86hh-42v9 was published for zendframework/zend-diactoros (Composer) Jun 7, 2024
Zendframework URL Rewrite vulnerability Moderate
GHSA-fh7r-58q4-6387 was published for zendframework/zendframework (Composer) Jun 7, 2024
Moodle Logout CSRF in admin/tool/mfa/auth.php Moderate
CVE-2024-34007 was published for moodle/moodle (Composer) May 31, 2024
Sylius Resource Bundle Cross-Site Request Forgery vulnerability Moderate
GHSA-65v7-wg35-2qpm was published for sylius/resource-bundle (Composer) May 29, 2024
Silverstripe Missing CSRF protection in login form Moderate
GHSA-vj2j-6g3w-4662 was published for silverstripe/framework (Composer) May 23, 2024
Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter Moderate
GHSA-2hpc-mf4q-j885 was published for silverstripe/framework (Composer) May 23, 2024
Silverstripe Forum Module CSRF Vulnerability Moderate
GHSA-w8fq-xgvh-cxc2 was published for silverstripe/forum (Composer) May 23, 2024
sensiolabs/connect has a Cross-Site Request Forgery Vulnerability Moderate
GHSA-6wqp-7g94-f69j was published for sensiolabs/connect (Composer) May 21, 2024
Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files Moderate
CVE-2024-1727 was published for gradio (pip) May 21, 2024
BlazeMeter Jenkins plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-3825 was published for com.blazemeter.plugins:BlazeMeterJenkinsPlugin (Maven) Apr 17, 2024
XWiki Platform CSRF in the job scheduler Moderate
CVE-2024-31985 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Apr 10, 2024
Apache Zeppelin CSRF vulnerability in the Credentials page Moderate
CVE-2021-28656 was published for org.apache.zeppelin:zeppelin-web (Maven) Apr 9, 2024
LocalAI cross-site request forgery vulnerability Moderate
CVE-2024-3135 was published for github.com/go-skynet/LocalAI (Go) Apr 1, 2024
Duplicate Advisory: Cross-Site Request Forgery in Gradio Moderate
GHSA-3x9g-xfj5-fq84 was published for gradio (pip) Mar 21, 2024 withdrawn
Cross-Site Request Forgery in Apache Wicket Moderate
CVE-2024-27439 was published for org.apache.wicket:wicket (Maven) Mar 19, 2024
Jenkins docker-build-step Plugin Cross-Site Request Forgery vulnerability Moderate
CVE-2024-2215 was published for org.jenkins-ci.plugins:docker-build-step (Maven) Mar 6, 2024
ProTip! Advisories are also available from the GraphQL API