Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,736
Maven
5,000+
npm
4,336
NuGet
764
pip
4,110
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

392 advisories

Loading
Atro CSRF Middleware Bypass (security.checkOrigin) Moderate
CVE-2024-56140 was published for astro (npm) Dec 18, 2024
KageShiron ematipico
delucis ascorbic
Credited to KageShiron, ematipico, delucis, and ascorbic
Jenkins Publish to Bitbucket Plugin vulnerable to CSRF and missing permissions check Moderate
CVE-2025-64149 was published for org.jenkins-ci.plugins:publish-to-bitbucket (Maven) Oct 29, 2025
Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery Moderate
CVE-2025-64141 was published for org.jenkins-ci.plugins:nexus-task-runner (Maven) Oct 29, 2025
Jenkins Themis Plugin vulnerable to cross-site request forgery Moderate
CVE-2025-64136 was published for org.jenkins-ci.plugins:themis (Maven) Oct 29, 2025
Jenkins Start Windocks Containers Plugin vulnerable to cross-site request forgery Moderate
CVE-2025-64138 was published for org.jenkins-ci.plugins:windocks-start-container (Maven) Oct 29, 2025
Jenkins Extensible Choice Parameter Plugin vulnerable to cross-site request forgery Moderate
CVE-2025-64133 was published for jp.ikedam.jenkins.plugins:extensible-choice-parameter (Maven) Oct 29, 2025
Drupal Currency allows Cross Site Request Forgery Moderate
CVE-2025-10930 was published for drupal/currency (Composer) Oct 30, 2025
Mattermost Server allows XSS via CSRF Moderate
CVE-2016-11084 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Spring Framework STOMP over WebSocket applications may allow attackers to send unauthorized messages Moderate
CVE-2025-41254 was published for org.springframework:spring-websocket (Maven) Oct 16, 2025
Liferay Portal is vulnerable to CSRF through publication comments Moderate
CVE-2025-62245 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 10, 2025
Liferay Portal Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2025-43809 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Sep 19, 2025
github.com/gorilla/csrf improperly validates TrustedOrigins allowing CSRF attacks Moderate
CVE-2025-47909 was published for github.com/gorilla/csrf (Go) Aug 29, 2025
UnoPim vulnerable to CSRF on Product edit feature and creation of other types Moderate
CVE-2025-55744 was published for unopim/unopim (Composer) Aug 21, 2025
sn1p3rt3s7
Credited to sn1p3rt3s7
Liferay Portal CSRF Vulnerability via Endpoint Parameter Moderate
CVE-2025-43745 was published for com.liferay.portal:release.portal.bom (Maven) Aug 19, 2025
MLflow Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2025-1473 was published for mlflow (pip) Mar 20, 2025
Withdrawn Advisory: Lunary Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2024-6862 was published for @lunary/backend (npm) Sep 13, 2024 withdrawn
hughcrt
Credited to hughcrt
TYPO3 Cross-Site Request Forgery in Log Module Moderate
CVE-2024-55893 was published for typo3/cms-belog (Composer) Jan 14, 2025
zly123987 shm0sby
rosegabe
Credited to zly123987, shm0sby, and rosegabe
TYPO3 Cross-Site Request Forgery in Backend User Module Moderate
CVE-2024-55894 was published for typo3/cms-beuser (Composer) Jan 14, 2025
zly123987 shm0sby
rosegabe
Credited to zly123987, shm0sby, and rosegabe
TYPO3 DB Check Module vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-55945 was published for typo3/cms-lowlevel (Composer) Jan 14, 2025
shm0sby rosegabe
Credited to shm0sby and rosegabe
TYPO3 Cross-Site Request Forgery in Dashboard Module Moderate
CVE-2024-55920 was published for typo3/cms-dashboard (Composer) Jan 14, 2025
TYPO3 Form Framework Module vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-55922 was published for typo3/cms-form (Composer) Jan 14, 2025
TYPO3 Indexed Search Module vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-55923 was published for typo3/cms-indexed-search (Composer) Jan 14, 2025
Jenkins Cadence vManager Plugin Vulnerable to Cross-Site Request Forgery Moderate
CVE-2025-47886 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 14, 2025
Bootstrap Multiselect Vulnerable to CSRF and Reflective XSS via Arbitrary POST Data Moderate
CVE-2025-47204 was published for bootstrap-multiselect (npm) May 13, 2025
nosurf vulnerable to CSRF due to non-functional same-origin request checks Moderate
CVE-2025-46721 was published for github.com/justinas/nosurf (Go) May 14, 2025
patrickod
Credited to patrickod
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database