Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

2,954 advisories

Loading
CSRF can expose users authentication token High
CVE-2021-21241 was published for Flask-Security-Too (pip) Jan 11, 2021
Cross-site Request Forgery in fastify-csrf High
CVE-2020-28482 was published for fastify-csrf (npm) Jan 20, 2021
Cross-Site Request Forgery in Webargs High
CVE-2020-7965 was published for webargs (pip) Apr 7, 2021
tmorrell gillarramendi
Cross-Site Request Forgery (CSRF) in trestle-auth High
CVE-2021-29435 was published for trestle-auth (RubyGems) Apr 13, 2021
tomekr aj-hall
utkanos
Cross-Site Request Forgery in Vert.x-Web framework High
CVE-2020-35217 was published for io.vertx:vertx-web (Maven) Apr 22, 2021
Cross-Site Request Forgery in ForkCMS High
CVE-2020-23960 was published for forkcms/forkcms (Composer) May 6, 2021
Rancher Vulnerable to Cross-site Request Forgery (CSRF) High
CVE-2019-13209 was published for github.com/rancher/rancher (Go) May 18, 2021
Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor High
CVE-2019-19025 was published for github.com/goharbor/harbor (Go) May 18, 2021
Cross-Site Request Forgery in OpenNMS Horizon High
CVE-2021-25931 was published for org.opennms:opennms (Maven) May 25, 2021
Cross-Site Request Forgery (CSRF) in FastAPI High
CVE-2021-32677 was published for fastapi (pip) Jun 10, 2021
b0g3r
CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin allows capturing credentials High
CVE-2021-21652 was published for org.jenkins-ci.plugins:xray-connector (Maven) Jun 16, 2021
NotMyFault
Cryptographically weak CSRF tokens in Apache MyFaces High
CVE-2021-26296 was published for org.apache.myfaces.core:myfaces-core-module (Maven) Jun 16, 2021
Cross-Site Request Forgery in forkcms High
CVE-2020-23264 was published for forkcms/forkcms (Composer) Jun 22, 2021
Cross-Site Request Forgery in express-cart High
CVE-2020-22403 was published for express-cart (npm) Aug 30, 2021
Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server High
CVE-2021-39133 was published for org.rundeck:rundeck-core (Maven) Sep 1, 2021
Cross-Site Request Forgery in sqlite-web High
CVE-2021-23404 was published for sqlite-web (pip) Sep 9, 2021
Cross-Site Request Forgery in GilaCMS High
CVE-2020-20693 was published for gilacms/gila (Composer) Sep 30, 2021
Cross-Site-Request-Forgery in Backend High
CVE-2021-41113 was published for typo3/cms (Composer) Oct 5, 2021
sushiwushi ohader
Cross Site Request Forgery in kindeditor High
CVE-2021-42228 was published for kindeditor (npm) Oct 18, 2021
Cross-Site Request Forgery in PiranhaCMS High
CVE-2021-25976 was published for Piranha (NuGet) Nov 17, 2021
Cross-Site Request Forgery (CSRF) vulnerability leading to Database Reset in WordPress WP Reset... High Unreviewed
CVE-2021-36908 was published Nov 19, 2021
Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during... High Unreviewed
CVE-2021-44036 was published Nov 20, 2021
The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to... High Unreviewed
CVE-2021-39353 was published Nov 20, 2021
We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0... High Unreviewed
CVE-2021-34358 was published Nov 21, 2021
Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions prior to... High Unreviewed
CVE-2021-20845 was published Nov 25, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database