GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,474
Erlang
33
GitHub Actions
24
Go
2,198
Maven
5,000+
npm
3,843
NuGet
696
pip
3,632
Pub
12
RubyGems
911
Rust
912
Swift
38
Unreviewed advisories
All unreviewed
5,000+
222 advisories
Filter by severity
Leantime allows Cross-Site Request Forgery (CSRF)
Moderate
GHSA-92xh-6x7v-4rmq
was published
for
leantime/leantime
(Composer)
Feb 21, 2025
TYPO3 DB Check Module vulnerable to Cross-Site Request Forgery
Moderate
CVE-2024-55945
was published
for
typo3/cms-lowlevel
(Composer)
Jan 14, 2025
TYPO3 Scheduler Module vulnerable to Cross-Site Request Forgery
High
CVE-2024-55924
was published
for
typo3/cms-scheduler
(Composer)
Jan 14, 2025
TYPO3 Indexed Search Module vulnerable to Cross-Site Request Forgery
Moderate
CVE-2024-55923
was published
for
typo3/cms-indexed-search
(Composer)
Jan 14, 2025
TYPO3 Form Framework Module vulnerable to Cross-Site Request Forgery
Moderate
CVE-2024-55922
was published
for
typo3/cms-form
(Composer)
Jan 14, 2025
TYPO3 Extension Manager Module vulnerable to Cross-Site Request Forgery
High
CVE-2024-55921
was published
for
typo3/cms-extensionmanager
(Composer)
Jan 14, 2025
TYPO3 Cross-Site Request Forgery in Dashboard Module
Moderate
CVE-2024-55920
was published
for
typo3/cms-dashboard
(Composer)
Jan 14, 2025
TYPO3 Cross-Site Request Forgery in Backend User Module
Moderate
CVE-2024-55894
was published
for
typo3/cms-beuser
(Composer)
Jan 14, 2025
TYPO3 Cross-Site Request Forgery in Log Module
Moderate
CVE-2024-55893
was published
for
typo3/cms-belog
(Composer)
Jan 14, 2025
CSRF leading to delete account in wallabag/wallabag
Moderate
CVE-2023-0737
was published
for
wallabag/wallabag
(Composer)
Nov 15, 2024
Moodle has CSRF risk in Feedback non-respondents report
High
CVE-2024-43434
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Magento Open Source Cross-Site Request Forgery vulnerability
Moderate
CVE-2024-39408
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2024-39409
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2024-39410
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF
Low
CVE-2024-41811
was published
for
ipl/web
(Composer)
Aug 5, 2024
ProcessWire Cross Site Request Forgery vulnerability
Low
CVE-2024-41597
was published
for
processwire/processwire
(Composer)
Jul 19, 2024
Moodle CSRF risks due to misuse of confirm_sesskey
Moderate
CVE-2024-38276
was published
for
moodle/moodle
(Composer)
Jun 18, 2024
Zend-Diactoros URL Rewrite vulnerability
Moderate
GHSA-fq4p-86hh-42v9
was published
for
zendframework/zend-diactoros
(Composer)
Jun 7, 2024
Zend-Navigation vulnerable to Cross-site Scripting
High
GHSA-6v7p-5qcq-268c
was published
for
zendframework/zend-navigation
(Composer)
Jun 7, 2024
Zend-Feed URL Rewrite vulnerability
High
GHSA-jmmp-vh96-78rm
was published
for
zendframework/zend-feed
(Composer)
Jun 7, 2024
Zend-HTTP URL Rewrite vulnerability
High
GHSA-cg8w-5jrc-675g
was published
for
zendframework/zend-http
(Composer)
Jun 7, 2024
Zendframework URL Rewrite vulnerability
Moderate
GHSA-fh7r-58q4-6387
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
Moodle Logout CSRF in admin/tool/mfa/auth.php
Moderate
CVE-2024-34007
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle CSRF risk in analytics management of models
High
CVE-2024-34008
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle CSRF risk in admin preset tool management of presets
High
CVE-2024-34001
was published
for
moodle/moodle
(Composer)
May 31, 2024
ProTip!
Advisories are also available from the
GraphQL API