Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

29 advisories

Possible CSRF attack at questionnaire templates preview Moderate
CVE-2023-47635 was published for decidim-templates (RubyGems) Feb 20, 2024
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2 Moderate
CVE-2023-25015 was published for clockwork_web (RubyGems) Feb 2, 2023
administrate vulnerable to Cross-Site Request Forgery Moderate
CVE-2016-3098 was published for administrate (RubyGems) Aug 6, 2022
CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend Low
CVE-2022-31000 was published for solidus_backend (RubyGems) Jun 1, 2022
Fat Free CRM contains Cross-site Request Forgery vulnerablilities Moderate
CVE-2013-7223 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM Cross-Site Request Forgery vulnerability Moderate
CVE-2015-1585 was published for fat_free_crm (RubyGems) May 14, 2022
tdunlap607
Gem in a Box vulnerable to Cross-site Request Forgery High
CVE-2017-14683 was published for geminabox (RubyGems) May 13, 2022
CSRF forgery protection bypass in solidus_frontend Moderate
CVE-2021-43846 was published for solidus_frontend (RubyGems) Jan 6, 2022
Authentication Bypass by CSRF Weakness Critical
GHSA-gpqc-4pp7-5954 was published for spree_auth_devise (RubyGems) Nov 18, 2021
jasnow
Authentication Bypass by CSRF Weakness Critical
GHSA-8xfw-5q82-3652 was published for spree_auth_devise (RubyGems) Nov 18, 2021
jasnow
Authentication Bypass by CSRF Weakness Critical
GHSA-6mqr-q86q-6gwr was published for spree_auth_devise (RubyGems) Nov 18, 2021
jasnow tdunlap607
Authentication Bypass by CSRF Weakness Critical
CVE-2021-41275 was published for spree_auth_devise (RubyGems) Nov 18, 2021
Authentication Bypass by CSRF Weakness Critical
GHSA-5629-8855-gf4g was published for solidus_core (RubyGems) Nov 18, 2021
oliverchang
Authentication Bypass by CSRF Weakness Critical
CVE-2021-41274 was published for solidus_auth_devise (RubyGems) Nov 18, 2021
Older releases of better_errors open to Cross-Site Request Forgery attack Moderate
CVE-2021-39197 was published for better_errors (RubyGems) Sep 7, 2021
RobinDaugherty
Cross-Site Request Forgery (CSRF) in trestle-auth High
CVE-2021-29435 was published for trestle-auth (RubyGems) Apr 13, 2021
tomekr aj-hall
utkanos
Cross-Site Request Forgery (CSRF) Moderate
GHSA-wj5j-xpcj-45gc was published for devise_invitable (RubyGems) Feb 24, 2021 withdrawn
PgHero gem allows CSRF High
CVE-2020-16253 was published for pghero (RubyGems) Aug 5, 2020
Field Test CSRF vulnerability Moderate
CVE-2020-16252 was published for field_test (RubyGems) Aug 5, 2020
greysteil
CSRF Vulnerability in rails-ujs Moderate
CVE-2020-8167 was published for actionview (RubyGems) Jul 7, 2020
Ability to forge per-form CSRF tokens in Rails Moderate
CVE-2020-8166 was published for actionpack (RubyGems) May 26, 2020
OmniAuth Ruby gem Cross-site Request Forgery in request phase High
CVE-2015-9284 was published for omniauth (RubyGems) May 29, 2019
G-Rath eugeneius
Doorkeeper contains Cross-site Request Forgery Moderate
CVE-2014-8144 was published for doorkeeper (RubyGems) Sep 17, 2018
Spina gem vulnerable to Cross-site request forgery (CSRF) vulnerability High
CVE-2015-4619 was published for spina (RubyGems) Aug 28, 2018
Cross-site request forgery in rails_admin High
CVE-2016-10522 was published for rails_admin (RubyGems) Aug 8, 2018
ProTip! Advisories are also available from the GraphQL API