Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,049
Maven
5,000+
npm
4,787
NuGet
825
pip
4,384
Pub
12
RubyGems
988
Rust
1,144
Swift
50
Unreviewed advisories
All unreviewed
5,000+

45 advisories

Loading
Caddy is vulnerable to cross-origin config application via local admin API /load Moderate
CVE-2026-27589 was published for github.com/caddyserver/caddy/v2 (Go) Feb 24, 2026
1seal Credited to 1seal
Mattermost has CSRF vulnerability via Calls Widget page Moderate
CVE-2025-62190 was published for github.com/mattermost/mattermost-plugin-calls (Go) Dec 17, 2025
1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality Moderate
CVE-2025-34430 was published for github.com/1Panel-dev/1Panel (Go) Dec 10, 2025
1Panel contains a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality High
CVE-2025-34429 was published for github.com/1Panel-dev/1Panel (Go) Dec 10, 2025
1Panel contains a cross-site request forgery (CSRF) vulnerability in the Change Username functionality High
CVE-2025-34410 was published for github.com/1Panel-dev/1Panel (Go) Dec 10, 2025
Canonical LXD CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI High
CVE-2025-54286 was published for github.com/canonical/lxd (Go) Oct 2, 2025
listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover High
CVE-2025-58430 was published for github.com/knadh/listmonk (Go) Sep 9, 2025
r3verii Credited to r3verii
github.com/gorilla/csrf improperly validates TrustedOrigins allowing CSRF attacks Moderate
CVE-2025-47909 was published for github.com/gorilla/csrf (Go) Aug 29, 2025
nosurf vulnerable to CSRF due to non-functional same-origin request checks Moderate
CVE-2025-46721 was published for github.com/justinas/nosurf (Go) May 14, 2025
patrickod Credited to patrickod
gorilla/csrf CSRF vulnerability due to broken Referer validation Moderate
CVE-2025-24358 was published for github.com/gorilla/csrf (Go) Apr 14, 2025
patrickod Credited to patrickod
LocalAI Cross-site Scripting vulnerability Low
CVE-2024-48057 was published for github.com/mudler/LocalAI (Go) Nov 5, 2024
Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery Moderate
CVE-2024-46872 was published for github.com/mattermost/mattermost/server/v8 (Go) Oct 29, 2024
Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse Moderate
CVE-2023-26248 was published for github.com/libp2p/go-libp2p-kad-dht (Go) Oct 25, 2024
Mattermost Cross-Site Request Forgery vulnerability Moderate
CVE-2024-40886 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
gotortc vulnerable to Cross-Site Request Forgery High
CVE-2024-29192 was published for github.com/AlexxIT/go2rtc (Go) Aug 5, 2024
Owncast Cross-Site Request Forgery vulnerability High
CVE-2024-29026 was published for github.com/owncast/owncast (Go) Aug 5, 2024
LocalAI cross-site request forgery vulnerability Moderate
CVE-2024-3135 was published for github.com/go-skynet/LocalAI (Go) Apr 1, 2024
Mattermost Jira Plugin vulnerable to Cross-Site Request Forgery Low
CVE-2024-23319 was published for github.com/mattermost/mattermost-plugin-jira (Go) Feb 9, 2024
Grafana Cross Site Request Forgery (CSRF) Moderate
CVE-2022-21703 was published for github.com/grafana/grafana/pkg/web (Go) Feb 1, 2024
github.com/argoproj/argo-cd Cross-Site Request Forgery vulnerability High
CVE-2024-22424 was published for github.com/argoproj/argo-cd (Go) Jan 19, 2024
aphtrinh Credited to aphtrinh
Go Fiber CSRF Token Validation Vulnerability High
CVE-2023-45141 was published for github.com/gofiber/fiber/v2 (Go) Oct 17, 2023
sixcolors Credited to sixcolors, ReneWerner87, gaby, and rosenblueh ReneWerner87 ReneWerner87
gaby gaby rosenblueh rosenblueh
Cross-Site Request Forgery (CSRF) in usememos/memos High
CVE-2023-5036 was published for github.com/usememos/memos (Go) Sep 18, 2023
Casdoor Cross-Site Request Forgery vulnerability Moderate
CVE-2023-34927 was published for github.com/casdoor/casdoor (Go) Jun 22, 2023
Phachon mm-wiki Cross Site Request Forgery vulnerability High
CVE-2020-19278 was published for github.com/phachon/mm-wiki (Go) Apr 4, 2023
usememos/memos Cross-Site Request Forgery vulnerability Moderate
CVE-2022-4846 was published for github.com/usememos/memos (Go) Dec 29, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database