GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,423 advisories
Filter by severity
omniauth-facebook Cross-Site Request Forgery vulnerability
Moderate
CVE-2013-4562
was published
for
omniauth-facebook
(RubyGems)
Oct 24, 2017
omniauth-oauth2 Cross-Site Request Forgery vulnerability
Moderate
CVE-2012-6134
was published
for
omniauth-oauth2
(RubyGems)
Oct 24, 2017
rails is vulnerable to CRLF injection
Moderate
CVE-2008-5189
was published
for
rails
(RubyGems)
Oct 24, 2017
actionpack Cross-Site Request Forgery vulnerability
Moderate
CVE-2011-0447
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Doorkeeper contains Cross-site Request Forgery
Moderate
CVE-2014-8144
was published
for
doorkeeper
(RubyGems)
Sep 17, 2018
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, and org.apache.cxf.fediz:fediz-spring2
Moderate
CVE-2017-7661
was published
for
org.apache.cxf.fediz:fediz-jetty8
(Maven)
Oct 18, 2018
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3
Moderate
CVE-2017-12631
was published
for
org.apache.cxf.fediz:fediz-spring
(Maven)
Oct 18, 2018
CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux
Moderate
CVE-2020-5397
was published
for
org.springframework:spring-webflux
(Maven)
Jan 21, 2020
CSRF and DNS Rebinding in Oasis
Moderate
CVE-2020-11003
was published
for
@fraction/oasis
(npm)
Apr 16, 2020
Ability to forge per-form CSRF tokens in Rails
Moderate
CVE-2020-8166
was published
for
actionpack
(RubyGems)
May 26, 2020
CSRF Vulnerability in rails-ujs
Moderate
CVE-2020-8167
was published
for
actionview
(RubyGems)
Jul 7, 2020
Sensitive information exposure through logs in npm-registry-fetch
Moderate
GHSA-jmqm-f2gx-4fjv
was published
for
npm-registry-fetch
(npm)
Jul 7, 2020
CSRF vulnerability in save-server
Moderate
CVE-2020-15135
was published
for
save-server
(npm)
Aug 4, 2020
Field Test CSRF vulnerability
Moderate
CVE-2020-16252
was published
for
field_test
(RubyGems)
Aug 5, 2020
CSRF Vulnerability in polaris-website
Moderate
GHSA-whrh-9j4q-g7ph
was published
for
polaris-website
(npm)
Aug 5, 2020
CSRF in Play Framework
Moderate
CVE-2020-12480
was published
for
com.typesafe.play:play_2.12
(Maven)
Aug 18, 2020
XSS due to lack of CSRF validation for replying/publishing
Moderate
CVE-2020-15156
was published
for
nodebb-plugin-blog-comments
(npm)
Aug 26, 2020
Rosetta-Flash JSONP Vulnerability in hapi
Moderate
CVE-2014-4671
was published
for
hapi
(npm)
Aug 31, 2020
CSRF Vulnerability in jquery-ujs
Moderate
GHSA-6qqj-rx4w-r3cj
was published
for
jquery-ujs
(npm)
Aug 31, 2020
Cross-Site Request Forgery (CSRF)
Moderate
GHSA-wj5j-xpcj-45gc
was published
for
devise_invitable
(RubyGems)
Feb 24, 2021
•
withdrawn
Cross-Site Request Forgery in MAGMI
Moderate
CVE-2020-5776
was published
for
dweeves/magmi
(Composer)
May 6, 2021
Lack of protection against cookie tossing attacks in fastify-csrf
Moderate
CVE-2021-29624
was published
for
fastify-csrf
(npm)
May 17, 2021
Cross-Site Request Forgery in OpenNMS Horizon
Moderate
CVE-2021-25930
was published
for
org.opennms:opennms
(Maven)
May 25, 2021
Predictable CSRF tokens in centreon/centreon
Moderate
CVE-2021-28055
was published
for
centreon/centreon
(Composer)
Jun 8, 2021
Cross-Site Request Forgery in the Jenkins Claim plugin
Moderate
CVE-2021-21620
was published
for
org.jenkins-ci.plugins:claim
(Maven)
Jun 16, 2021
ProTip!
Advisories are also available from the
GraphQL API