Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

312 advisories

Loading
Moodle has CSRF risk in Feedback non-respondents report High
CVE-2024-43434 was published for moodle/moodle (Composer) Nov 7, 2024
OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF) High
CVE-2024-47879 was published for org.openrefine:main (Maven) Oct 24, 2024
wetneb
gotortc vulnerable to Cross-Site Request Forgery High
CVE-2024-29192 was published for github.com/AlexxIT/go2rtc (Go) Aug 5, 2024
Owncast Cross-Site Request Forgery vulnerability High
CVE-2024-29026 was published for github.com/owncast/owncast (Go) Aug 5, 2024
Zend-Navigation vulnerable to Cross-site Scripting High
GHSA-6v7p-5qcq-268c was published for zendframework/zend-navigation (Composer) Jun 7, 2024
Zend-Feed URL Rewrite vulnerability High
GHSA-jmmp-vh96-78rm was published for zendframework/zend-feed (Composer) Jun 7, 2024
Zend-HTTP URL Rewrite vulnerability High
GHSA-cg8w-5jrc-675g was published for zendframework/zend-http (Composer) Jun 7, 2024
Moodle CSRF risk in analytics management of models High
CVE-2024-34008 was published for moodle/moodle (Composer) May 31, 2024
Moodle CSRF risk in admin preset tool management of presets High
CVE-2024-34001 was published for moodle/moodle (Composer) May 31, 2024
silverstripe/graphql Cross-Site Request Forgery vulnerability High
GHSA-wjg9-v8cf-f5q2 was published for silverstripe/graphql (Composer) May 28, 2024
eZ Platform CSRF token in login form is disabled by default High
GHSA-45qm-j4m9-whv9 was published for ezsystems/ezplatform (Composer) May 15, 2024
Dolibarr vulnerable to Cross-Site Request Forgery High
CVE-2024-31503 was published for dolibarr/dolibarr (Composer) Apr 17, 2024
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing High
CVE-2024-28233 was published for jupyterhub (pip) Mar 28, 2024
Th0h0
Cross-Site Request Forgery in Anchor CMS High
CVE-2024-29499 was published for anchorcms/anchor-cms (Composer) Mar 22, 2024
ESPHome vulnerable to Authentication bypass via Cross site request forgery High
CVE-2024-29019 was published for esphome (pip) Mar 21, 2024
r3kumar
Bagisto Cross-Site Request Forgery vulnerability High
CVE-2023-36237 was published for bagisto/bagisto (Composer) Feb 27, 2024
livewire Cross-Site Request Forgery vulnerability High
CVE-2024-22859 was published for livewire/livewire (Composer) Feb 1, 2024 withdrawn
Treggats valorin
github.com/argoproj/argo-cd Cross-Site Request Forgery vulnerability High
CVE-2024-22424 was published for github.com/argoproj/argo-cd (Go) Jan 19, 2024
aphtrinh
Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability High
CVE-2023-50766 was published for org.sonatype.nexus.ci:nexus-jenkins-plugin (Maven) Dec 13, 2023
Cross-site request forgery vulnerability in Jenkins HTMLResource Plugin High
CVE-2023-50774 was published for org.jenkins-ci.plugins:htmlresource (Maven) Dec 13, 2023
Cross Site Request Forgery in Silverpeas High
CVE-2023-47322 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
Cross Site Request Forgery in Silverpeas High
CVE-2023-47326 was published for org.silverpeas.core:silverpeas-core (Maven) Dec 13, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/div/update High
CVE-2023-49381 was published for com.jfinal:jfinal (Maven) Dec 5, 2023
ProTip! Advisories are also available from the GraphQL API