Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

54 advisories

Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files Moderate
CVE-2024-1727 was published for gradio (pip) May 21, 2024
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain High
CVE-2024-34069 was published for Werkzeug (pip) May 6, 2024
Ry0taK
Aim Cross-Site Request Forgery vulnerability allows user to delete runs and perform other operations High
CVE-2024-2196 was published for aim (pip) Apr 10, 2024
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing High
CVE-2024-28233 was published for jupyterhub (pip) Mar 28, 2024
Th0h0
Duplicate Advisory: Cross-Site Request Forgery in Gradio Moderate
GHSA-3x9g-xfj5-fq84 was published for gradio (pip) Mar 21, 2024 withdrawn
ESPHome vulnerable to Authentication bypass via Cross site request forgery High
CVE-2024-29019 was published for esphome (pip) Mar 21, 2024
r3kumar
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation Critical
CVE-2024-22416 was published for pyload-ng (pip) Jan 19, 2024
PinkDraconian kaydoda
Apache Airflow Cross-Site Request Forgery vulnerability Moderate
CVE-2023-49920 was published for apache-airflow (pip) Dec 21, 2023
Cross-Site Request Forgery vulnerability in Prefect High
CVE-2023-6022 was published for prefect (pip) Nov 16, 2023
zangell44 bunchesofdonald
modoboa Cross-Site Request Forgery vulnerability Moderate
CVE-2023-5690 was published for modoboa (pip) Oct 20, 2023
wger Workout Manager Cross-Site Request Forgery vulnerability High
CVE-2023-38759 was published for wger (pip) Aug 8, 2023
modoboa vulnerable to Cross-Site Request Forgery Moderate
CVE-2023-2228 was published for modoboa (pip) Apr 21, 2023
Cross-Site Request Forgery in modoboa Moderate
CVE-2023-0438 was published for modoboa (pip) Jan 23, 2023
Cross-Site Request Forgery in modoboa Moderate
CVE-2023-0406 was published for modoboa (pip) Jan 19, 2023
Modoboa is vulnerable to Cross-Site Request Forgery Moderate
CVE-2023-0398 was published for modoboa (pip) Jan 19, 2023
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints High
CVE-2022-43719 was published for apache-superset (pip) Jan 16, 2023
rdiffweb vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-4646 was published for rdiffweb (pip) Dec 22, 2022
rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed High
CVE-2022-3274 was published for rdiffweb (pip) Sep 23, 2022
rdiffweb Cross-Site Request Forgery vulnerability Moderate
CVE-2022-3267 was published for rdiffweb (pip) Sep 23, 2022
rdiffweb CSRF could lead to disabling notifications in user profile Moderate
CVE-2022-3233 was published for rdiffweb (pip) Sep 22, 2022
rdiffweb CSRF vulnerability in admin area can lead to deletion of repositories and users Moderate
CVE-2022-3232 was published for rdiffweb (pip) Sep 18, 2022
rdiffweb CSRF vulnerability in profile's SSH keys can lead to unauthorized access High
CVE-2022-3221 was published for rdiffweb (pip) Sep 16, 2022
furlongm openvpn-monitor allows CSRF to disconnect an arbitrary client Moderate
CVE-2021-31604 was published for openvpn-monitor (pip) May 24, 2022
Cross-Site Request Forgery in JupyterHub Moderate
CVE-2020-36191 was published for jupyterhub (pip) May 24, 2022
Mirumee Saleor CSRF Protection Disabled High
CVE-2019-13594 was published for saleor (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API