GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
38 advisories
Filter by severity
Atro CSRF Middleware Bypass (security.checkOrigin)
Moderate
CVE-2024-56140
was published
for
astro
(npm)
Dec 18, 2024
Avenwu Whistle Cross-Site Request Forgery (CSRF)
High
CVE-2024-55500
was published
for
whistle
(npm)
Dec 10, 2024
Hono allows bypass of CSRF Middleware by a request without Content-Type header.
Moderate
CVE-2024-48913
was published
for
hono
(npm)
Oct 15, 2024
Lunary Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2024-6862
was published
for
lunary
(npm)
Sep 13, 2024
Hono CSRF middleware can be bypassed using crafted Content-Type header
Low
CVE-2024-43787
was published
for
hono
(npm)
Aug 22, 2024
Firebase vulnerable to CRSF attack
Low
CVE-2024-4128
was published
for
firebase-tools
(npm)
May 2, 2024
mongo-express Cross-site Request Forgery vulnerability
Moderate
CVE-2023-52555
was published
for
mongo-express
(npm)
Mar 1, 2024
NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2023-45884
was published
for
openmct
(npm)
Nov 9, 2023
Axios Cross-Site Request Forgery Vulnerability
Moderate
CVE-2023-45857
was published
for
axios
(npm)
Nov 8, 2023
@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state
High
CVE-2023-31999
was published
for
@fastify/oauth2
(npm)
Jul 5, 2023
@builder.io/qwik-city Cross-Site Request Forgery vulnerability
Moderate
CVE-2023-2307
was published
for
@builder.io/qwik-city
(npm)
Apr 26, 2023
CSRF token fixation in fastify-passport
Moderate
CVE-2023-29020
was published
for
@fastify/passport
(npm)
Apr 21, 2023
Bypass of CSRF protection in the presence of predictable userInfo
Moderate
CVE-2023-27495
was published
for
@fastify/csrf-protection
(npm)
Apr 20, 2023
SvelteKit framework has Insufficient CSRF protection for CORS requests
High
CVE-2023-29008
was published
for
@sveltejs/kit
(npm)
Apr 7, 2023
SvelteKit vulnerable to Cross-Site Request Forgery
High
CVE-2023-29003
was published
for
@sveltejs/kit
(npm)
Apr 4, 2023
Missing proper state, nonce and PKCE checks for OAuth authentication
High
CVE-2023-27490
was published
for
next-auth
(npm)
Mar 13, 2023
Fastify: Incorrect Content-Type parsing can lead to CSRF attack
Moderate
CVE-2022-41919
was published
for
fastify
(npm)
Nov 21, 2022
NodeBB vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-3978
was published
for
nodebb
(npm)
Nov 13, 2022
The graphql-upload library included in Apollo Server 2 is vulnerable to CSRF mutations
Moderate
GHSA-2p3c-p3qw-69r4
was published
for
apollo-server
(npm)
Oct 12, 2022
NodeBB account takeover via SSO plugins
High
CVE-2022-36076
was published
for
nodebb
(npm)
Sep 16, 2022
Cross Site Request Forgery in kindeditor
High
CVE-2021-42228
was published
for
kindeditor
(npm)
Oct 18, 2021
Cross-site Request Forgery (CSRF) in joplin
Moderate
CVE-2021-23431
was published
for
joplin
(npm)
Sep 2, 2021
Cross-Site Request Forgery in express-cart
High
CVE-2020-22403
was published
for
express-cart
(npm)
Aug 30, 2021
Lack of protection against cookie tossing attacks in fastify-csrf
Moderate
CVE-2021-29624
was published
for
fastify-csrf
(npm)
May 17, 2021
Cross-site Request Forgery in fastify-csrf
High
CVE-2020-28482
was published
for
fastify-csrf
(npm)
Jan 20, 2021
ProTip!
Advisories are also available from the
GraphQL API