Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,844
Maven
5,000+
npm
4,470
NuGet
779
pip
4,231
Pub
12
RubyGems
974
Rust
1,093
Swift
48
Unreviewed advisories
All unreviewed
5,000+

793 advisories

Loading
alextselegidis/easyappointments is Vulnerable to CSRF Protection Bypass High
CVE-2026-23622 was published for alextselegidis/easyappointments (Composer) Jan 15, 2026
faroukn
Credited to faroukn
Authlib has 1-click Account Takeover vulnerability Moderate
CVE-2025-68158 was published for authlib (pip) Jan 8, 2026
davidbors-snyk
Credited to davidbors-snyk
React Router has CSRF issue in Action/Server Action Request Processing Moderate
CVE-2026-22030 was published for @remix-run/server-runtime (npm) Jan 8, 2026
Oceandust
Credited to Oceandust
FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO Moderate
CVE-2025-68481 was published for fastapi-users (pip) Dec 19, 2025
davidbors-snyk
Credited to davidbors-snyk
Mattermost has CSRF vulnerability via Calls Widget page Moderate
CVE-2025-62190 was published for github.com/mattermost/mattermost-plugin-calls (Go) Dec 17, 2025
1Panel contains a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality High
CVE-2025-34429 was published for github.com/1Panel-dev/1Panel (Go) Dec 10, 2025
1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality Moderate
CVE-2025-34430 was published for github.com/1Panel-dev/1Panel (Go) Dec 10, 2025
Jenkins has a CSRF vulnerability on the login form Low
CVE-2025-67639 was published for org.jenkins-ci.main:jenkins-core (Maven) Dec 10, 2025
1Panel contains a cross-site request forgery (CSRF) vulnerability in the Change Username functionality High
CVE-2025-34410 was published for github.com/1Panel-dev/1Panel (Go) Dec 10, 2025
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack Critical
CVE-2025-62593 was published for ray (pip) Nov 26, 2025
JLLeitschuh avilum
Credited to JLLeitschuh and avilum
Drupal Currency allows Cross Site Request Forgery Moderate
CVE-2025-10930 was published for drupal/currency (Composer) Oct 30, 2025
Jenkins Publish to Bitbucket Plugin vulnerable to CSRF and missing permissions check Moderate
CVE-2025-64149 was published for org.jenkins-ci.plugins:publish-to-bitbucket (Maven) Oct 29, 2025
Jenkins Start Windocks Containers Plugin vulnerable to cross-site request forgery Moderate
CVE-2025-64138 was published for org.jenkins-ci.plugins:windocks-start-container (Maven) Oct 29, 2025
Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery Moderate
CVE-2025-64141 was published for org.jenkins-ci.plugins:nexus-task-runner (Maven) Oct 29, 2025
Jenkins Themis Plugin vulnerable to cross-site request forgery Moderate
CVE-2025-64136 was published for org.jenkins-ci.plugins:themis (Maven) Oct 29, 2025
Jenkins Extensible Choice Parameter Plugin vulnerable to cross-site request forgery Moderate
CVE-2025-64133 was published for jp.ikedam.jenkins.plugins:extensible-choice-parameter (Maven) Oct 29, 2025
Liferay Portal Vulnerable to CSRF in Headless APIs High
CVE-2025-62258 was published for com.liferay.portal:release.portal.bom (Maven) Oct 28, 2025
Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system High
CVE-2025-47410 was published for org.apache.geode:geode-web (Maven) Oct 18, 2025
Spring Framework STOMP over WebSocket applications may allow attackers to send unauthorized messages Moderate
CVE-2025-41254 was published for org.springframework:spring-websocket (Maven) Oct 16, 2025
Liferay Portal is vulnerable to CSRF through publication comments Moderate
CVE-2025-62245 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 10, 2025
Canonical LXD CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI High
CVE-2025-54286 was published for github.com/canonical/lxd (Go) Oct 2, 2025
Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass High
CVE-2025-59845 was published for @apollo/explorer (npm) Sep 26, 2025
ekzyis
Credited to ekzyis
Liferay Portal Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2025-43809 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Sep 19, 2025
listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover High
CVE-2025-58430 was published for github.com/knadh/listmonk (Go) Sep 9, 2025
r3verii
Credited to r3verii
github.com/gorilla/csrf improperly validates TrustedOrigins allowing CSRF attacks Moderate
CVE-2025-47909 was published for github.com/gorilla/csrf (Go) Aug 29, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database