Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

34 advisories

Loading
Cross-Site Request Forgery (CSRF) in Luigi High
CVE-2018-1000843 was published for luigi (pip) Dec 20, 2018
python-engineio vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2019-13611 was published for python-engineio (pip) Jul 30, 2019
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints High
CVE-2022-43719 was published for apache-superset (pip) Jan 16, 2023
Cross Site Request Forgery in mailman High
CVE-2021-44227 was published for mailman (pip) Dec 16, 2021
rdiffweb CSRF vulnerability in profile's SSH keys can lead to unauthorized access High
CVE-2022-3221 was published for rdiffweb (pip) Sep 16, 2022
IPython vulnerable to cross site request forgery (CSRF) High
CVE-2015-5607 was published for ipython (pip) May 17, 2022
rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed High
CVE-2022-3274 was published for rdiffweb (pip) Sep 23, 2022
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2021-4164 was published for calibreweb (pip) Jan 21, 2022
Kallithea Routes CSRF Bypass High
CVE-2016-3691 was published for kallithea (pip) May 13, 2022
Mirumee Saleor CSRF Protection Disabled High
CVE-2019-13594 was published for saleor (pip) May 24, 2022
Cross-Site Request Forgery in sqlite-web High
CVE-2021-23404 was published for sqlite-web (pip) Sep 9, 2021
Qutebrowser CSRF Vulnerability High
CVE-2018-10895 was published for qutebrowser (pip) Oct 10, 2018
Kotti CSRF in the local roles implementation High
CVE-2018-9856 was published for Kotti (pip) Jul 12, 2018
wger Workout Manager Cross-Site Request Forgery vulnerability High
CVE-2023-38759 was published for wger (pip) Aug 8, 2023
Cobbler Web Interface Lacks CSRF Protection High
CVE-2011-4952 was published for cobbler (pip) Apr 22, 2022
Cross-Site Request Forgery in Webargs High
CVE-2020-7965 was published for webargs (pip) Apr 7, 2021
tmorrell gillarramendi
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing High
CVE-2024-28233 was published for jupyterhub (pip) Mar 28, 2024
Th0h0
Aim Cross-Site Request Forgery vulnerability allows user to delete runs and perform other operations High
CVE-2024-2196 was published for aim (pip) Apr 10, 2024
ESPHome vulnerable to Authentication bypass via Cross site request forgery High
CVE-2024-29019 was published for esphome (pip) Mar 21, 2024
r3kumar
Edgewall Trac Cross-site request forgery (CSRF) vulnerability High
CVE-2006-5878 was published for trac (pip) May 1, 2022
Plone vulnerable to cross-site request forgery High
CVE-2015-7293 was published for Plone (pip) May 17, 2022
Kallithea cross-site request forgery (CSRF) vulnerability High
CVE-2015-0276 was published for Kallithea (pip) May 13, 2022
Cross-Site Request Forgery vulnerability in Prefect High
CVE-2023-6022 was published for prefect (pip) Nov 16, 2023
zangell44 bunchesofdonald
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain High
CVE-2024-34069 was published for Werkzeug (pip) May 6, 2024
Ry0taK
Cross-Site Request Forgery (CSRF) in Apache Airflow High
CVE-2017-17835 was published for apache-airflow (pip) Jan 25, 2019
sunSUNQ
ProTip! Advisories are also available from the GraphQL API