Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

5,639 advisories

omniauth-facebook Cross-Site Request Forgery vulnerability Moderate
CVE-2013-4562 was published for omniauth-facebook (RubyGems) Oct 24, 2017
omniauth-oauth2 Cross-Site Request Forgery vulnerability Moderate
CVE-2012-6134 was published for omniauth-oauth2 (RubyGems) Oct 24, 2017
actionpack Cross-Site Request Forgery vulnerability Moderate
CVE-2011-0447 was published for actionpack (RubyGems) Oct 24, 2017
jasnow
rails is vulnerable to CRLF injection Moderate
CVE-2008-5189 was published for rails (RubyGems) Oct 24, 2017
Cross-Site Request Forgery (CSRF) in keystone High
CVE-2017-16570 was published for keystone (npm) Nov 30, 2017
Auth0-js bypasses CSRF checks High
CVE-2018-7307 was published for auth0-js (npm) Mar 7, 2018
pym.js CSRF Vulnerability High
CVE-2018-1000086 was published for pym.js (npm) Mar 13, 2018
Kotti CSRF in the local roles implementation High
CVE-2018-9856 was published for Kotti (pip) Jul 12, 2018
Cross-site request forgery in Django Moderate
CVE-2011-0696 was published for django (pip) Jul 23, 2018
MarkLee131
Moderate severity vulnerability that affects django Moderate
CVE-2011-4140 was published for django (pip) Jul 23, 2018
Cross-site request forgery in rails_admin High
CVE-2016-10522 was published for rails_admin (RubyGems) Aug 8, 2018
Spina gem vulnerable to Cross-site request forgery (CSRF) vulnerability High
CVE-2015-4619 was published for spina (RubyGems) Aug 28, 2018
Doorkeeper contains Cross-site Request Forgery Moderate
CVE-2014-8144 was published for doorkeeper (RubyGems) Sep 17, 2018
Qutebrowser CSRF Vulnerability High
CVE-2018-10895 was published for qutebrowser (pip) Oct 10, 2018
High severity vulnerability that affects io.vertx:vertx-web High
CVE-2018-12540 was published for io.vertx:vertx-web (Maven) Oct 17, 2018
MarkLee131
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, and org.apache.cxf.fediz:fediz-spring2 Moderate
CVE-2017-7661 was published for org.apache.cxf.fediz:fediz-jetty8 (Maven) Oct 18, 2018
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3 Moderate
CVE-2017-12631 was published for org.apache.cxf.fediz:fediz-spring (Maven) Oct 18, 2018
MarkLee131
OrientDB-Server vulnerable to Cross-Site Request Forgery High
CVE-2015-2912 was published for com.orientechnologies:orientdb-studio (Maven) Oct 18, 2018
Cross-Site Request Forgery (CSRF) in Auth0 High
CVE-2018-6874 was published for auth0-js (npm) Nov 6, 2018
Cross-Site Request Forgery (CSRF) in Luigi High
CVE-2018-1000843 was published for luigi (pip) Dec 20, 2018
Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons High
CVE-2018-20595 was published for org.hswebframework.web:hsweb-commons (Maven) Jan 4, 2019
Cross-Site Request Forgery (CSRF) in Apache Airflow High
CVE-2017-17835 was published for apache-airflow (pip) Jan 25, 2019
sunSUNQ
No CSRF Validation in droppy High
CVE-2016-10529 was published for droppy (npm) Feb 18, 2019
Apache Airflow vulnerable to CSRF Attacks High
CVE-2019-0229 was published for apache-airflow (pip) Apr 18, 2019
OmniAuth Ruby gem Cross-site Request Forgery in request phase High
CVE-2015-9284 was published for omniauth (RubyGems) May 29, 2019
G-Rath eugeneius
ProTip! Advisories are also available from the GraphQL API