Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,049
Maven
5,000+
npm
4,787
NuGet
825
pip
4,384
Pub
12
RubyGems
988
Rust
1,144
Swift
50
Unreviewed advisories
All unreviewed
5,000+

96 advisories

Loading
A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the... Low Unreviewed
CVE-2026-3193 was published Feb 25, 2026
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in phpgurukul Gym... Low Unreviewed
CVE-2024-55271 was published Feb 17, 2026
sigstore CSRF possibility in OIDC authentication during signing Low
CVE-2026-24408 was published for sigstore (pip) Jan 26, 2026
jku Credited to jku
IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to... Low Unreviewed
CVE-2025-36411 was published Jan 20, 2026
Improper authentication and missing CSRF protection in the local setup interface component in HCL... Low Unreviewed
CVE-2025-31963 was published Jan 7, 2026
CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf... Low Unreviewed
CVE-2025-14266 was published Dec 17, 2025
Jenkins has a CSRF vulnerability on the login form Low
CVE-2025-67639 was published for org.jenkins-ci.main:jenkins-core (Maven) Dec 10, 2025
phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the database export... Low Unreviewed
CVE-2025-60912 was published Dec 8, 2025
Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7... Low Unreviewed
CVE-2025-13871 was published Dec 2, 2025
Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a... Low Unreviewed
CVE-2025-62497 was published Nov 25, 2025
A cross-site request forgery (CSRF) vulnerability has been reported to affect QuLog Center. The... Low Unreviewed
CVE-2025-58469 was published Nov 7, 2025
Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU... Low Unreviewed
CVE-2025-12221 was published Oct 25, 2025
The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request... Low Unreviewed
CVE-2025-8606 was published Oct 11, 2025
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the... Low Unreviewed
CVE-2024-48341 was published Sep 8, 2025
In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration Low Unreviewed
CVE-2025-54529 was published Jul 28, 2025
Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated... Low Unreviewed
CVE-2025-49462 was published Jul 10, 2025
Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and... Low Unreviewed
CVE-2025-52463 was published Jul 2, 2025
Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF... Low Unreviewed
CVE-2025-36576 was published Jun 10, 2025
Gibbon before 29.0.00 allows CSRF. Low Unreviewed
CVE-2025-26211 was published May 27, 2025
Moodle has a CSRF risk in user tours manager that allows tour duplication Low
CVE-2025-3635 was published for moodle/moodle (Composer) Apr 25, 2025
Moodle has a CSRF risk in Brickfield tool's analysis request action Low
CVE-2025-3638 was published for moodle/moodle (Composer) Apr 25, 2025
Drupal Configuration Split Cross-Site Request Forgery (CSRF) vulnerability Low
CVE-2025-31688 was published for drupal/config_split (Composer) Apr 1, 2025
Drupal OAuth2 Client Cross-Site Request Forgery (CSRF) Low
CVE-2025-31684 was published for drupal/oauth2_client (Composer) Apr 1, 2025
Drupal Matomo Analytics Cross-Site Request Forgery (CSRF) vulnerability Low
CVE-2025-31680 was published for drupal/matomo (Composer) Apr 1, 2025
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin... Low Unreviewed
CVE-2024-57611 was published Jan 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database