GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
Cross-Site Request Forgery (CSRF) in keystone
High
CVE-2017-16570
was published
for
keystone
(npm)
Nov 30, 2017
Cross-Site Request Forgery (CSRF) in Auth0
High
CVE-2018-6874
was published
for
auth0-js
(npm)
Nov 6, 2018
Cross-site Request Forgery in fastify-csrf
High
CVE-2020-28482
was published
for
fastify-csrf
(npm)
Jan 20, 2021
Cross-Site Request Forgery in express-cart
High
CVE-2020-22403
was published
for
express-cart
(npm)
Aug 30, 2021
Cross Site Request Forgery in kindeditor
High
CVE-2021-42228
was published
for
kindeditor
(npm)
Oct 18, 2021
NodeBB account takeover via SSO plugins
High
CVE-2022-36076
was published
for
nodebb
(npm)
Sep 16, 2022
Missing proper state, nonce and PKCE checks for OAuth authentication
High
CVE-2023-27490
was published
for
next-auth
(npm)
Mar 13, 2023
SvelteKit vulnerable to Cross-Site Request Forgery
High
CVE-2023-29003
was published
for
@sveltejs/kit
(npm)
Apr 4, 2023
SvelteKit framework has Insufficient CSRF protection for CORS requests
High
CVE-2023-29008
was published
for
@sveltejs/kit
(npm)
Apr 7, 2023
@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state
High
CVE-2023-31999
was published
for
@fastify/oauth2
(npm)
Jul 5, 2023
Avenwu Whistle Cross-Site Request Forgery (CSRF)
High
CVE-2024-55500
was published
for
whistle
(npm)
Dec 10, 2024
ProTip!
Advisories are also available from the
GraphQL API