Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

694 advisories

Loading
Hano allows bypass of CSRF Middleware by a request without Content-Type header. Moderate
CVE-2024-48913 was published for hono (npm) Oct 15, 2024
Cross-Site Request Forgery (CSRF) in strawberry-graphql Moderate
CVE-2024-47082 was published for strawberry-graphql (pip) Sep 25, 2024
DoctorJohn graingert
Speedy1991
Lunary Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2024-6862 was published for lunary (npm) Sep 13, 2024
Hono CSRF middleware can be bypassed using crafted Content-Type header Moderate
CVE-2024-43787 was published for hono (npm) Aug 22, 2024
wataru-chocola
Mattermost Cross-Site Request Forgery vulnerability Moderate
CVE-2024-40886 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Magento Open Source Cross-Site Request Forgery vulnerability Moderate
CVE-2024-39408 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2024-39409 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2024-39410 was published for magento/community-edition (Composer) Aug 14, 2024
gotortc vulnerable to Cross-Site Request Forgery High
CVE-2024-29192 was published for github.com/AlexxIT/go2rtc (Go) Aug 5, 2024
Owncast Cross-Site Request Forgery vulnerability High
CVE-2024-29026 was published for github.com/owncast/owncast (Go) Aug 5, 2024
ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF Low
CVE-2024-41811 was published for ipl/web (Composer) Aug 5, 2024
Cross-Site Request Forgery in Spina Moderate
CVE-2024-7106 was published for spina (RubyGems) Jul 25, 2024
ProcessWire Cross Site Request Forgery vulnerability Moderate
CVE-2024-41597 was published for processwire/processwire (Composer) Jul 19, 2024
Moodle CSRF risks due to misuse of confirm_sesskey Moderate
CVE-2024-38276 was published for moodle/moodle (Composer) Jun 18, 2024
Zend-Diactoros URL Rewrite vulnerability Moderate
GHSA-fq4p-86hh-42v9 was published for zendframework/zend-diactoros (Composer) Jun 7, 2024
Zend-Navigation vulnerable to Cross-site Scripting High
GHSA-6v7p-5qcq-268c was published for zendframework/zend-navigation (Composer) Jun 7, 2024
Zend-Feed URL Rewrite vulnerability High
GHSA-jmmp-vh96-78rm was published for zendframework/zend-feed (Composer) Jun 7, 2024
Zend-HTTP URL Rewrite vulnerability High
GHSA-cg8w-5jrc-675g was published for zendframework/zend-http (Composer) Jun 7, 2024
Zendframework URL Rewrite vulnerability Moderate
GHSA-fh7r-58q4-6387 was published for zendframework/zendframework (Composer) Jun 7, 2024
Moodle Logout CSRF in admin/tool/mfa/auth.php Moderate
CVE-2024-34007 was published for moodle/moodle (Composer) May 31, 2024
Moodle CSRF risk in analytics management of models High
CVE-2024-34008 was published for moodle/moodle (Composer) May 31, 2024
Moodle CSRF risk in admin preset tool management of presets High
CVE-2024-34001 was published for moodle/moodle (Composer) May 31, 2024
Sylius Resource Bundle Cross-Site Request Forgery vulnerability Moderate
GHSA-65v7-wg35-2qpm was published for sylius/resource-bundle (Composer) May 29, 2024
silverstripe/graphql Cross-Site Request Forgery vulnerability High
GHSA-wjg9-v8cf-f5q2 was published for silverstripe/graphql (Composer) May 28, 2024
Silverstripe Missing CSRF protection in login form Moderate
GHSA-vj2j-6g3w-4662 was published for silverstripe/framework (Composer) May 23, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database