Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

692 advisories

Loading
CSRF can expose users authentication token High
CVE-2021-21241 was published for Flask-Security-Too (pip) Jan 11, 2021
Cross-Site Request Forgery (CSRF) in FastAPI High
CVE-2021-32677 was published for fastapi (pip) Jun 10, 2021
b0g3r
Django cross-site request forgery (CSRF) vulnerability High
CVE-2008-3909 was published for django (pip) May 2, 2022
MarkLee131
Django Cross-Site Request Forgery vulnerability High
CVE-2011-4140 was published for Django (pip) Jul 23, 2018
Cross-site request forgery in Django High
CVE-2011-0696 was published for Django (pip) Jul 23, 2018
MarkLee131
MicroPyramid Django-CRM CSRF High
CVE-2018-16552 was published for Django-CRM (pip) May 13, 2022
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2024-39410 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2024-39409 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Open Source Cross-Site Request Forgery vulnerability Moderate
CVE-2024-39408 was published for magento/community-edition (Composer) Aug 14, 2024
django-cms CSRF Vulnerability High
CVE-2015-5081 was published for django-cms (pip) May 17, 2022
Cross-Site Request Forgery in MicroPyramid Django CRM High
CVE-2019-11457 was published for django-crm (pip) Sep 11, 2019
Lunary Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2024-6862 was published for lunary (npm) Sep 13, 2024
archivy is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4162 was published for archivy (pip) Jan 6, 2022
westonsteimel
Apache Airflow vulnerable to CSRF Attacks High
CVE-2019-0229 was published for apache-airflow (pip) Apr 18, 2019
Cross-Site Request Forgery (CSRF) in Apache Airflow High
CVE-2017-17835 was published for apache-airflow (pip) Jan 25, 2019
sunSUNQ
Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor High
CVE-2019-19025 was published for github.com/goharbor/harbor (Go) May 18, 2021
mongo-express Cross-site Request Forgery vulnerability Moderate
CVE-2023-52555 was published for mongo-express (npm) Mar 1, 2024
Cross-site scripting in Swagger-UI Critical
CVE-2019-17495 was published for io.springfox:springfox-swagger-ui (Maven) Oct 15, 2019
mustafanaa
Mattermost Cross-Site Request Forgery vulnerability Moderate
CVE-2024-40886 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Hono CSRF middleware can be bypassed using crafted Content-Type header Moderate
CVE-2024-43787 was published for hono (npm) Aug 22, 2024
wataru-chocola
Dolibarr vulnerable to Cross-Site Request Forgery High
CVE-2024-31503 was published for dolibarr/dolibarr (Composer) Apr 17, 2024
Cross-Site Request Forgery (CSRF) in automad/automad Moderate
CVE-2023-7038 was published for automad/automad (Composer) Dec 21, 2023
marcantondahmen
Cross-Site Request Forgery in Spina Moderate
CVE-2024-7106 was published for spina (RubyGems) Jul 25, 2024
ProcessWire Cross Site Request Forgery vulnerability Moderate
CVE-2024-41597 was published for processwire/processwire (Composer) Jul 19, 2024
ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF Low
CVE-2024-41811 was published for ipl/web (Composer) Aug 5, 2024
ProTip! Advisories are also available from the GraphQL API