GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,362 advisories
Filter by severity
Cross-Site Request Forgery (CSRF)
Moderate
GHSA-wj5j-xpcj-45gc
was published
for
devise_invitable
(RubyGems)
Feb 24, 2021
•
withdrawn
CSRF and DNS Rebinding in Oasis
Moderate
CVE-2020-11003
was published
for
@fraction/oasis
(npm)
Apr 16, 2020
Sensitive information exposure through logs in npm-registry-fetch
Moderate
GHSA-jmqm-f2gx-4fjv
was published
for
npm-registry-fetch
(npm)
Jul 7, 2020
CSRF Vulnerability in polaris-website
Moderate
GHSA-whrh-9j4q-g7ph
was published
for
polaris-website
(npm)
Aug 5, 2020
CSRF vulnerability in save-server
Moderate
CVE-2020-15135
was published
for
save-server
(npm)
Aug 4, 2020
CSRF in Play Framework
Moderate
CVE-2020-12480
was published
for
com.typesafe.play:play_2.12
(Maven)
Aug 18, 2020
XSS due to lack of CSRF validation for replying/publishing
Moderate
CVE-2020-15156
was published
for
nodebb-plugin-blog-comments
(npm)
Aug 26, 2020
CSRF Vulnerability in jquery-ujs
Moderate
GHSA-6qqj-rx4w-r3cj
was published
for
jquery-ujs
(npm)
Aug 31, 2020
kube-httpcache is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
GHSA-47xh-qxqv-mgvg
was published
for
github.com/mittwald/kube-httpcache
(Go)
Dec 2, 2022
CakePHP has incorrect Cross-Site Request Forgery validation
Moderate
GHSA-829q-v5g8-hhxc
was published
for
cakephp/cakephp
(Composer)
Jan 20, 2023
Fat Free CRM contains Cross-site Request Forgery vulnerablilities
Moderate
CVE-2013-7223
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions...
Moderate
Unreviewed
CVE-2023-0403
was published
Jan 19, 2023
Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin
Moderate
CVE-2023-24437
was published
for
org.jenkins-ci.plugins:jira-steps
(Maven)
Jan 26, 2023
Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs,...
Moderate
Unreviewed
CVE-2022-26101
was published
Mar 11, 2022
CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials
Moderate
CVE-2022-25212
was published
for
org.continuousassurance.swamp.jenkins:swamp
(Maven)
Feb 16, 2022
Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1...
Moderate
Unreviewed
CVE-2011-0629
was published
May 17, 2022
Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration screen in wp...
Moderate
Unreviewed
CVE-2011-0760
was published
May 17, 2022
Cross-site request forgery (CSRF) vulnerability in admin/conf_users_edit.php in PHP Link...
Moderate
Unreviewed
CVE-2011-0643
was published
May 17, 2022
Cross-site request forgery (CSRF) vulnerability in news/admin.php in N-13 News 3.4, 3.7, and 4.0...
Moderate
Unreviewed
CVE-2011-0642
was published
May 17, 2022
Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3...
Moderate
Unreviewed
CVE-2011-0440
was published
May 17, 2022
Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard)...
Moderate
Unreviewed
CVE-2010-4627
was published
May 17, 2022
Predictable CSRF tokens in centreon/centreon
Moderate
CVE-2021-28055
was published
for
centreon/centreon
(Composer)
Jun 8, 2021
The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting...
Moderate
Unreviewed
CVE-2022-0616
was published
Mar 22, 2022
Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.
Moderate
Unreviewed
CVE-2022-0515
was published
Mar 22, 2022
An issus was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can...
Moderate
Unreviewed
CVE-2021-43737
was published
Mar 24, 2022
ProTip!
Advisories are also available from the
GraphQL API