GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

191 advisories

Silverstripe Missing CSRF protection in login form Moderate
GHSA-vj2j-6g3w-4662 was published for silverstripe/framework (Composer) May 23, 2024
Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter Moderate
GHSA-2hpc-mf4q-j885 was published for silverstripe/framework (Composer) May 23, 2024
Silverstripe Forum Module CSRF Vulnerability Moderate
GHSA-w8fq-xgvh-cxc2 was published for silverstripe/forum (Composer) May 23, 2024
sensiolabs/connect has a Cross-Site Request Forgery Vulnerability Moderate
GHSA-6wqp-7g94-f69j was published for sensiolabs/connect (Composer) May 21, 2024
eZ Platform CSRF token in login form is disabled by default High
GHSA-45qm-j4m9-whv9 was published for ezsystems/ezplatform (Composer) May 15, 2024
Dolibarr vulnerable to Cross-Site Request Forgery High
CVE-2024-31503 was published for dolibarr/dolibarr (Composer) Apr 17, 2024
Cross-Site Request Forgery in Anchor CMS High
CVE-2024-29499 was published for anchorcms/anchor-cms (Composer) Mar 22, 2024
Cross-Site Request Forgery in Anchor CMS High
CVE-2024-29338 was published for anchorcms/anchor-cms (Composer) Mar 22, 2024
Bagisto Cross-Site Request Forgery vulnerability Moderate
CVE-2023-36237 was published for bagisto/bagisto (Composer) Feb 27, 2024
Cross-Site Request Forgery in moodle Moderate
CVE-2024-25982 was published for moodle/moodle (Composer) Feb 19, 2024
livewire Cross-Site Request Forgery vulnerability High
CVE-2024-22859 was published for livewire/livewire (Composer) Feb 1, 2024 withdrawn
Concrete CMS Cross Site Request Forgery (CSRF) Moderate
CVE-2023-48652 was published for concrete5/concrete5 (Composer) Dec 25, 2023
Cross-Site Request Forgery (CSRF) in automad/automad Moderate
CVE-2023-7038 was published for automad/automad (Composer) Dec 21, 2023
Phpsysinfo Cross Site Request Forgery (CSRF) vulnerability Moderate
CVE-2023-49006 was published for phpsysinfo/phpsysinfo (Composer) Dec 19, 2023
Cross Site Request Forgery in SwiftyEdit High
CVE-2023-47350 was published for swiftyedit/swiftyedit (Composer) Nov 22, 2023
baserCMS CSRF vulnerability in Content preview Feature Moderate
CVE-2023-43649 was published for baserproject/basercms (Composer) Oct 26, 2023
Cross-Site Request Forgery (CSRF) in snipe/snipe-it High
CVE-2023-5511 was published for snipe/snipe-it (Composer) Oct 11, 2023
Wallabag user can reset data unintentionally Moderate
CVE-2023-4454 was published for wallabag/wallabag (Composer) Aug 21, 2023
Wallabag user can delete own API client unintentionally Moderate
CVE-2023-4455 was published for wallabag/wallabag (Composer) Aug 21, 2023
Duplicate Advisory: Wallabag user can delete own API client unintentionally Moderate
GHSA-gvvx-fc6p-2h9x was published for wallabag/wallabag (Composer) Aug 21, 2023 withdrawn
Duplicate Advisory: Wallabag user can reset data unintentionally Moderate
GHSA-rwpg-4c4c-v3r4 was published for wallabag/wallabag (Composer) Aug 21, 2023 withdrawn
Cockpit CMS Cross-Site Request Forgery vulnerability High
CVE-2023-37650 was published for cockpit-hq/cockpit (Composer) Jul 20, 2023
GilaCMS Cross Site Request Forgery vulnerability High
CVE-2020-20726 was published for gilacms/gila (Composer) Jun 20, 2023
Moodle vulnerable to Cross-site Request Forgery High
CVE-2023-28335 was published for moodle/moodle (Composer) Mar 23, 2023
Possible CSRF token fixation Moderate
CVE-2023-25170 was published for prestashop/prestashop (Composer) Mar 13, 2023