GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
6,190 advisories
Filter by severity
CSRF Vulnerability in polaris-website
Moderate
GHSA-whrh-9j4q-g7ph
was published
for
polaris-website
(npm)
Aug 5, 2020
Field Test CSRF vulnerability
Moderate
CVE-2020-16252
was published
for
field_test
(RubyGems)
Aug 5, 2020
CSRF vulnerability in save-server
Moderate
CVE-2020-15135
was published
for
save-server
(npm)
Aug 4, 2020
Sensitive information exposure through logs in npm-registry-fetch
Moderate
GHSA-jmqm-f2gx-4fjv
was published
for
npm-registry-fetch
(npm)
Jul 7, 2020
CSRF Vulnerability in rails-ujs
Moderate
CVE-2020-8167
was published
for
actionview
(RubyGems)
Jul 7, 2020
CSRF issue on preview pages in Bolt CMS
High
CVE-2020-4040
was published
for
bolt/bolt
(Composer)
Jun 9, 2020
Ability to forge per-form CSRF tokens in Rails
Moderate
CVE-2020-8166
was published
for
actionpack
(RubyGems)
May 26, 2020
Backend Same-Site Request Forgery in TYPO3 CMS
High
CVE-2020-11069
was published
for
typo3/cms
(Composer)
May 13, 2020
CSRF and DNS Rebinding in Oasis
Moderate
CVE-2020-11003
was published
for
@fraction/oasis
(npm)
Apr 16, 2020
CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux
Moderate
CVE-2020-5397
was published
for
org.springframework:spring-webflux
(Maven)
Jan 21, 2020
Cross-site scripting in Swagger-UI
Critical
CVE-2019-17495
was published
for
io.springfox:springfox-swagger-ui
(Maven)
Oct 15, 2019
Improper Input Validation and Cross-Site Request Forgery in Keycloak
High
CVE-2019-10199
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 23, 2019
Cross-Site Request Forgery in MicroPyramid Django CRM
High
CVE-2019-11457
was published
for
django-crm
(pip)
Sep 11, 2019
python-engineio vulnerable to Cross-Site Request Forgery (CSRF)
High
CVE-2019-13611
was published
for
python-engineio
(pip)
Jul 30, 2019
OmniAuth Ruby gem Cross-site Request Forgery in request phase
High
CVE-2015-9284
was published
for
omniauth
(RubyGems)
May 29, 2019
Apache Airflow vulnerable to CSRF Attacks
High
CVE-2019-0229
was published
for
apache-airflow
(pip)
Apr 18, 2019
Cross-Site Request Forgery (CSRF) in Apache Airflow
High
CVE-2017-17835
was published
for
apache-airflow
(pip)
Jan 25, 2019
Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons
High
CVE-2018-20595
was published
for
org.hswebframework.web:hsweb-commons
(Maven)
Jan 4, 2019
Cross-Site Request Forgery (CSRF) in Luigi
High
CVE-2018-1000843
was published
for
luigi
(pip)
Dec 20, 2018
Cross-Site Request Forgery (CSRF) in Auth0
High
CVE-2018-6874
was published
for
auth0-js
(npm)
Nov 6, 2018
OrientDB-Server vulnerable to Cross-Site Request Forgery
High
CVE-2015-2912
was published
for
com.orientechnologies:orientdb-studio
(Maven)
Oct 18, 2018
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3
Moderate
CVE-2017-12631
was published
for
org.apache.cxf.fediz:fediz-spring
(Maven)
Oct 18, 2018
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, and org.apache.cxf.fediz:fediz-spring2
Moderate
CVE-2017-7661
was published
for
org.apache.cxf.fediz:fediz-jetty8
(Maven)
Oct 18, 2018
ProTip!
Advisories are also available from the
GraphQL API