Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,080
Erlang
29
GitHub Actions
19
Go
1,908
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

5,995 advisories

Loading
Improper Restriction of Rendered UI Layers or Frames in yourls Moderate
CVE-2021-3734 was published for yourls/yourls (Composer) Aug 30, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3728 was published for grumpydictator/firefly-iii (Composer) Aug 25, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3730 was published for grumpydictator/firefly-iii (Composer) Aug 25, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3729 was published for grumpydictator/firefly-iii (Composer) Aug 25, 2021
No CSRF protection on the password change form Moderate
CVE-2021-32730 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Jul 2, 2021
Cross-Site Request Forgery in forkcms High
CVE-2020-23264 was published for forkcms/forkcms (Composer) Jun 22, 2021
Cryptographically weak CSRF tokens in Apache MyFaces High
CVE-2021-26296 was published for org.apache.myfaces.core:myfaces-core-module (Maven) Jun 16, 2021
Cross-Site Request Forgery in the Jenkins Claim plugin Moderate
CVE-2021-21620 was published for org.jenkins-ci.plugins:claim (Maven) Jun 16, 2021
NotMyFault
CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin allows capturing credentials High
CVE-2021-21652 was published for org.jenkins-ci.plugins:xray-connector (Maven) Jun 16, 2021
NotMyFault
Cross-Site Request Forgery (CSRF) in FastAPI High
CVE-2021-32677 was published for fastapi (pip) Jun 10, 2021
b0g3r
Predictable CSRF tokens in centreon/centreon Moderate
CVE-2021-28055 was published for centreon/centreon (Composer) Jun 8, 2021
Cross-Site Request Forgery in OpenNMS Horizon High
CVE-2021-25931 was published for org.opennms:opennms (Maven) May 25, 2021
Cross-Site Request Forgery in OpenNMS Horizon Moderate
CVE-2021-25930 was published for org.opennms:opennms (Maven) May 25, 2021
Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor High
CVE-2019-19025 was published for github.com/goharbor/harbor (Go) May 18, 2021
Rancher Vulnerable to Cross-site Request Forgery (CSRF) High
CVE-2019-13209 was published for github.com/rancher/rancher (Go) May 18, 2021
Lack of protection against cookie tossing attacks in fastify-csrf Moderate
CVE-2021-29624 was published for fastify-csrf (npm) May 17, 2021
Cross-Site Request Forgery in MAGMI Moderate
CVE-2020-5776 was published for dweeves/magmi (Composer) May 6, 2021
Cross-Site Request Forgery in ForkCMS High
CVE-2020-23960 was published for forkcms/forkcms (Composer) May 6, 2021
Cross-Site Request Forgery in Vert.x-Web framework High
CVE-2020-35217 was published for io.vertx:vertx-web (Maven) Apr 22, 2021
Cross-Site Request Forgery (CSRF) in trestle-auth High
CVE-2021-29435 was published for trestle-auth (RubyGems) Apr 13, 2021
tomekr aj-hall
utkanos
CSRF Vuln can expose user's QRcode Low
GHSA-fxq4-r6mr-9x64 was published for Flask-Security-Too (pip) Apr 8, 2021
Cross-Site Request Forgery in Webargs High
CVE-2020-7965 was published for webargs (pip) Apr 7, 2021
tmorrell gillarramendi
Cross-Site Request Forgery (CSRF) Moderate
GHSA-wj5j-xpcj-45gc was published for devise_invitable (RubyGems) Feb 24, 2021 withdrawn
Cross-site Request Forgery in fastify-csrf High
CVE-2020-28482 was published for fastify-csrf (npm) Jan 20, 2021
CSRF can expose users authentication token High
CVE-2021-21241 was published for Flask-Security-Too (pip) Jan 11, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database