GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
350 advisories
Filter by severity
Cross-Site Request Forgery (CSRF)
Moderate
GHSA-wj5j-xpcj-45gc
was published
for
devise_invitable
(RubyGems)
Feb 24, 2021
•
withdrawn
CSRF and DNS Rebinding in Oasis
Moderate
CVE-2020-11003
was published
for
@fraction/oasis
(npm)
Apr 16, 2020
Sensitive information exposure through logs in npm-registry-fetch
Moderate
GHSA-jmqm-f2gx-4fjv
was published
for
npm-registry-fetch
(npm)
Jul 7, 2020
CSRF Vulnerability in polaris-website
Moderate
GHSA-whrh-9j4q-g7ph
was published
for
polaris-website
(npm)
Aug 5, 2020
CSRF vulnerability in save-server
Moderate
CVE-2020-15135
was published
for
save-server
(npm)
Aug 4, 2020
CSRF in Play Framework
Moderate
CVE-2020-12480
was published
for
com.typesafe.play:play_2.12
(Maven)
Aug 18, 2020
XSS due to lack of CSRF validation for replying/publishing
Moderate
CVE-2020-15156
was published
for
nodebb-plugin-blog-comments
(npm)
Aug 26, 2020
CSRF Vulnerability in jquery-ujs
Moderate
GHSA-6qqj-rx4w-r3cj
was published
for
jquery-ujs
(npm)
Aug 31, 2020
kube-httpcache is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
GHSA-47xh-qxqv-mgvg
was published
for
github.com/mittwald/kube-httpcache
(Go)
Dec 2, 2022
CakePHP has incorrect Cross-Site Request Forgery validation
Moderate
GHSA-829q-v5g8-hhxc
was published
for
cakephp/cakephp
(Composer)
Jan 20, 2023
Fat Free CRM contains Cross-site Request Forgery vulnerablilities
Moderate
CVE-2013-7223
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin
Moderate
CVE-2023-24437
was published
for
org.jenkins-ci.plugins:jira-steps
(Maven)
Jan 26, 2023
CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials
Moderate
CVE-2022-25212
was published
for
org.continuousassurance.swamp.jenkins:swamp
(Maven)
Feb 16, 2022
Predictable CSRF tokens in centreon/centreon
Moderate
CVE-2021-28055
was published
for
centreon/centreon
(Composer)
Jun 8, 2021
Cross-Site Request Forgery in Anchor CMS
Moderate
CVE-2022-25576
was published
for
anchorcms/anchor-cms
(Composer)
Mar 26, 2022
Cross-Site Request Forgery in Jenkins
Moderate
CVE-2018-1000195
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Cross-Site Request Forgery in Jenkins
Moderate
CVE-2017-2613
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Kirby CMS 2.5.12 Cross-site Request Forgery
Moderate
CVE-2018-14519
was published
for
getkirby/cms
(Composer)
Aug 25, 2022
Froxlor vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2022-3017
was published
for
froxlor/froxlor
(Composer)
Aug 29, 2022
Cross-Site Request Forgery in Apache Tomcat
Moderate
CVE-2012-4431
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
Cross-Site Request Forgery in Jolokia
Moderate
CVE-2014-0168
was published
for
org.jolokia:jolokia-core
(Maven)
May 17, 2022
XWiki Cross-Site Request Forgery (CSRF) for actions on tags
Moderate
CVE-2022-36095
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Sep 16, 2022
Jenkins Snow Commander Plugin 2.0 vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-25192
was published
for
io.jenkins.plugins:embotics-vcommander
(Maven)
Feb 16, 2022
CSRF vulnerability in Jenkins Script Security Plugin
Moderate
CVE-2022-30946
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 18, 2022
Lack of protection against cookie tossing attacks in fastify-csrf
Moderate
CVE-2021-29624
was published
for
fastify-csrf
(npm)
May 17, 2021
ProTip!
Advisories are also available from the
GraphQL API