Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,521
Maven
5,000+
npm
5,000+
NuGet
912
pip
4,768
Pub
13
RubyGems
1,036
Rust
1,229
Swift
53
Unreviewed advisories
All unreviewed
5,000+

100 advisories

Loading
MetaGPT has an eval injection via a cross-site request forgery attack Low
CVE-2026-6109 was published for metagpt (pip) Apr 12, 2026
A security flaw has been discovered in kalcaddle kodbox 1.64. The impacted element is an unknown... Low Unreviewed
CVE-2026-4590 was published Mar 23, 2026
Craft CMS has a potential information disclosure vulnerability in preview tokens Low
CVE-2026-29113 was published for craftcms/cms (Composer) Mar 10, 2026
singetu0096 Credited to singetu0096
Concrete CMS vulnerable to Cross-Site Request Forgery (CSRF) Low
CVE-2026-2994 was published for concrete5/concrete5 (Composer) Mar 4, 2026
A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the... Low Unreviewed
CVE-2026-3193 was published Feb 25, 2026
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in phpgurukul Gym... Low Unreviewed
CVE-2024-55271 was published Feb 17, 2026
sigstore CSRF possibility in OIDC authentication during signing Low
CVE-2026-24408 was published for sigstore (pip) Jan 26, 2026
jku Credited to jku
IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to... Low Unreviewed
CVE-2025-36411 was published Jan 20, 2026
Improper authentication and missing CSRF protection in the local setup interface component in HCL... Low Unreviewed
CVE-2025-31963 was published Jan 7, 2026
CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf... Low Unreviewed
CVE-2025-14266 was published Dec 17, 2025
Jenkins has a CSRF vulnerability on the login form Low
CVE-2025-67639 was published for org.jenkins-ci.main:jenkins-core (Maven) Dec 10, 2025
phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the database export... Low Unreviewed
CVE-2025-60912 was published Dec 8, 2025
Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7... Low Unreviewed
CVE-2025-13871 was published Dec 2, 2025
Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a... Low Unreviewed
CVE-2025-62497 was published Nov 25, 2025
A cross-site request forgery (CSRF) vulnerability has been reported to affect QuLog Center. The... Low Unreviewed
CVE-2025-58469 was published Nov 7, 2025
Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU... Low Unreviewed
CVE-2025-12221 was published Oct 25, 2025
The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request... Low Unreviewed
CVE-2025-8606 was published Oct 11, 2025
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the... Low Unreviewed
CVE-2024-48341 was published Sep 8, 2025
In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration Low Unreviewed
CVE-2025-54529 was published Jul 28, 2025
Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated... Low Unreviewed
CVE-2025-49462 was published Jul 10, 2025
Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and... Low Unreviewed
CVE-2025-52463 was published Jul 2, 2025
Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF... Low Unreviewed
CVE-2025-36576 was published Jun 10, 2025
Gibbon before 29.0.00 allows CSRF. Low Unreviewed
CVE-2025-26211 was published May 27, 2025
Moodle has a CSRF risk in Brickfield tool's analysis request action Low
CVE-2025-3638 was published for moodle/moodle (Composer) Apr 25, 2025
Moodle has a CSRF risk in user tours manager that allows tour duplication Low
CVE-2025-3635 was published for moodle/moodle (Composer) Apr 25, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database