GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
191 advisories
Filter by severity
Silverstripe Missing CSRF protection in login form
Moderate
GHSA-vj2j-6g3w-4662
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter
Moderate
GHSA-2hpc-mf4q-j885
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Silverstripe Forum Module CSRF Vulnerability
Moderate
GHSA-w8fq-xgvh-cxc2
was published
for
silverstripe/forum
(Composer)
May 23, 2024
sensiolabs/connect has a Cross-Site Request Forgery Vulnerability
Moderate
GHSA-6wqp-7g94-f69j
was published
for
sensiolabs/connect
(Composer)
May 21, 2024
eZ Platform CSRF token in login form is disabled by default
High
GHSA-45qm-j4m9-whv9
was published
for
ezsystems/ezplatform
(Composer)
May 15, 2024
Dolibarr vulnerable to Cross-Site Request Forgery
High
CVE-2024-31503
was published
for
dolibarr/dolibarr
(Composer)
Apr 17, 2024
Cross-Site Request Forgery in Anchor CMS
High
CVE-2024-29499
was published
for
anchorcms/anchor-cms
(Composer)
Mar 22, 2024
Cross-Site Request Forgery in Anchor CMS
High
CVE-2024-29338
was published
for
anchorcms/anchor-cms
(Composer)
Mar 22, 2024
Bagisto Cross-Site Request Forgery vulnerability
Moderate
CVE-2023-36237
was published
for
bagisto/bagisto
(Composer)
Feb 27, 2024
Cross-Site Request Forgery in moodle
Moderate
CVE-2024-25982
was published
for
moodle/moodle
(Composer)
Feb 19, 2024
livewire Cross-Site Request Forgery vulnerability
High
CVE-2024-22859
was published
for
livewire/livewire
(Composer)
Feb 1, 2024
•
withdrawn
Concrete CMS Cross Site Request Forgery (CSRF)
Moderate
CVE-2023-48652
was published
for
concrete5/concrete5
(Composer)
Dec 25, 2023
Cross-Site Request Forgery (CSRF) in automad/automad
Moderate
CVE-2023-7038
was published
for
automad/automad
(Composer)
Dec 21, 2023
Phpsysinfo Cross Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2023-49006
was published
for
phpsysinfo/phpsysinfo
(Composer)
Dec 19, 2023
Cross Site Request Forgery in SwiftyEdit
High
CVE-2023-47350
was published
for
swiftyedit/swiftyedit
(Composer)
Nov 22, 2023
baserCMS CSRF vulnerability in Content preview Feature
Moderate
CVE-2023-43649
was published
for
baserproject/basercms
(Composer)
Oct 26, 2023
Cross-Site Request Forgery (CSRF) in snipe/snipe-it
High
CVE-2023-5511
was published
for
snipe/snipe-it
(Composer)
Oct 11, 2023
Wallabag user can reset data unintentionally
Moderate
CVE-2023-4454
was published
for
wallabag/wallabag
(Composer)
Aug 21, 2023
Wallabag user can delete own API client unintentionally
Moderate
CVE-2023-4455
was published
for
wallabag/wallabag
(Composer)
Aug 21, 2023
Duplicate Advisory: Wallabag user can delete own API client unintentionally
Moderate
GHSA-gvvx-fc6p-2h9x
was published
for
wallabag/wallabag
(Composer)
Aug 21, 2023
•
withdrawn
Duplicate Advisory: Wallabag user can reset data unintentionally
Moderate
GHSA-rwpg-4c4c-v3r4
was published
for
wallabag/wallabag
(Composer)
Aug 21, 2023
•
withdrawn
Cockpit CMS Cross-Site Request Forgery vulnerability
High
CVE-2023-37650
was published
for
cockpit-hq/cockpit
(Composer)
Jul 20, 2023
GilaCMS Cross Site Request Forgery vulnerability
High
CVE-2020-20726
was published
for
gilacms/gila
(Composer)
Jun 20, 2023
Moodle vulnerable to Cross-site Request Forgery
High
CVE-2023-28335
was published
for
moodle/moodle
(Composer)
Mar 23, 2023
Possible CSRF token fixation
Moderate
CVE-2023-25170
was published
for
prestashop/prestashop
(Composer)
Mar 13, 2023
ProTip!
Advisories are also available from the
GraphQL API