GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,759
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+
219 advisories
Filter by severity
GilaCMS Cross Site Request Forgery vulnerability
High
CVE-2020-20726
was published
for
gilacms/gila
(Composer)
Jun 20, 2023
Moodle vulnerable to Cross-site Request Forgery
High
CVE-2023-28335
was published
for
moodle/moodle
(Composer)
Mar 23, 2023
Possible CSRF token fixation
Moderate
CVE-2023-25170
was published
for
prestashop/prestashop
(Composer)
Mar 13, 2023
Froxlor Cross-Site Request Forgery vulnerability
High
CVE-2023-1033
was published
for
froxlor/froxlor
(Composer)
Feb 25, 2023
Cross-Site Request Forgery (CSRF) in wallabag/wallabag
Moderate
CVE-2023-0735
was published
for
wallabag/wallabag
(Composer)
Feb 8, 2023
magento-lts Reset Password not protected against well-timed CSRF
Moderate
CVE-2021-21395
was published
for
openmage/magento-lts
(Composer)
Jan 26, 2023
CakePHP has incorrect Cross-Site Request Forgery validation
Moderate
GHSA-829q-v5g8-hhxc
was published
for
cakephp/cakephp
(Composer)
Jan 20, 2023
Froxlor vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-4867
was published
for
froxlor/froxlor
(Composer)
Dec 31, 2022
ThinkCMF Cross Site Request Forgery (CSRF) vulnerability
High
CVE-2022-40489
was published
for
thinkcmf/thinkcmf
(Composer)
Dec 1, 2022
Cross-Site Request Forgery in Moodle
Moderate
CVE-2022-45149
was published
for
moodle/moodle
(Composer)
Nov 23, 2022
Cross-Site Request Forgery in feehi/feehicms
Moderate
CVE-2022-4014
was published
for
feehi/feehicms
(Composer)
Nov 16, 2022
Concrete CMS vulnerable to Cross-site Request Forgery
High
CVE-2022-43693
was published
for
concrete5/concrete5
(Composer)
Nov 14, 2022
ProcessWire vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-40488
was published
for
processwire/processwire
(Composer)
Oct 31, 2022
Duplicate Advisory: Cross-Site Request Forgery in easyii CMS
High
CVE-2022-3772
was published
for
noumo/easyii
(Composer)
Oct 31, 2022
•
withdrawn
Moodle Cross-Site Request Forgery (CSRF)
High
CVE-2022-2986
was published
for
moodle/moodle
(Composer)
Oct 6, 2022
Froxlor vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2022-3017
was published
for
froxlor/froxlor
(Composer)
Aug 29, 2022
Kirby CMS 2.5.12 Cross-site Request Forgery
Moderate
CVE-2018-14519
was published
for
getkirby/cms
(Composer)
Aug 25, 2022
CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection
Moderate
CVE-2022-35943
was published
for
codeigniter4/shield
(Composer)
Aug 18, 2022
Microweber before v1.2.20 vulnerable to cross-site scripting
Moderate
CVE-2022-2353
was published
for
microweber/microweber
(Composer)
Jul 10, 2022
Cross-Site Request Forgery in Elefant CMS
High
CVE-2017-20062
was published
for
elefant/cms
(Composer)
Jun 21, 2022
Cross-Site Request Forgery in easyii CMS
Moderate
CVE-2020-36534
was published
for
noumo/easyii
(Composer)
Jun 8, 2022
phpMyAdmin Cross-Site Request Forgery (CSRF)
Moderate
CVE-2019-12922
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 24, 2022
EC-CUBE Cross-site request forgery (CSRF) vulnerability
Moderate
CVE-2021-20842
was published
for
ec-cube/ec-cube
(Composer)
May 24, 2022
Moodle contains CSRF vulnerability
High
CVE-2021-43559
was published
for
moodle/moodle
(Composer)
May 24, 2022
ThinkCMF Cross Site Request Forgerly (CSRF) vulnerability
Moderate
CVE-2020-18151
was published
for
thinkcmf/thinkcmf
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API