GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
33 advisories
Filter by severity
LocalAI Cross-site Scripting vulnerability
Low
CVE-2024-48057
was published
for
github.com/mudler/LocalAI
(Go)
Nov 5, 2024
Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery
Moderate
CVE-2024-46872
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 29, 2024
Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse
Moderate
CVE-2023-26248
was published
for
github.com/libp2p/go-libp2p-kad-dht
(Go)
Oct 25, 2024
Mattermost Cross-Site Request Forgery vulnerability
Moderate
CVE-2024-40886
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
gotortc vulnerable to Cross-Site Request Forgery
High
CVE-2024-29192
was published
for
github.com/AlexxIT/go2rtc
(Go)
Aug 5, 2024
Owncast Cross-Site Request Forgery vulnerability
High
CVE-2024-29026
was published
for
github.com/owncast/owncast
(Go)
Aug 5, 2024
LocalAI cross-site request forgery vulnerability
Moderate
CVE-2024-3135
was published
for
github.com/go-skynet/LocalAI
(Go)
Apr 1, 2024
Mattermost Jira Plugin vulnerable to Cross-Site Request Forgery
Low
CVE-2024-23319
was published
for
github.com/mattermost/mattermost-plugin-jira
(Go)
Feb 9, 2024
Grafana Cross Site Request Forgery (CSRF)
Moderate
CVE-2022-21703
was published
for
github.com/grafana/grafana/pkg/web
(Go)
Feb 1, 2024
github.com/argoproj/argo-cd Cross-Site Request Forgery vulnerability
High
CVE-2024-22424
was published
for
github.com/argoproj/argo-cd
(Go)
Jan 19, 2024
Go Fiber CSRF Token Validation Vulnerability
High
CVE-2023-45141
was published
for
github.com/gofiber/fiber/v2
(Go)
Oct 17, 2023
Cross-Site Request Forgery (CSRF) in usememos/memos
High
CVE-2023-5036
was published
for
github.com/usememos/memos
(Go)
Sep 18, 2023
Casdoor Cross-Site Request Forgery vulnerability
Moderate
CVE-2023-34927
was published
for
github.com/casdoor/casdoor
(Go)
Jun 22, 2023
Phachon mm-wiki Cross Site Request Forgery vulnerability
High
CVE-2020-19278
was published
for
github.com/phachon/mm-wiki
(Go)
Apr 4, 2023
usememos/memos Cross-Site Request Forgery vulnerability
Moderate
CVE-2022-4846
was published
for
github.com/usememos/memos
(Go)
Dec 29, 2022
usememos/memos Cross-Site Request Forgery vulnerability
High
CVE-2022-4844
was published
for
github.com/usememos/memos
(Go)
Dec 29, 2022
usememos/memos Cross-Site Request Forgery vulnerability
Moderate
CVE-2022-4845
was published
for
github.com/usememos/memos
(Go)
Dec 29, 2022
usememos/memos Cross-Site Request Forgery vulnerability
Moderate
CVE-2022-4850
was published
for
github.com/usememos/memos
(Go)
Dec 29, 2022
usememos/memos Cross-Site Request Forgery vulnerability
Moderate
CVE-2022-4849
was published
for
github.com/usememos/memos
(Go)
Dec 29, 2022
Golf may allow attacker to bypass CSRF protections due to weak PRNG
High
CVE-2016-15005
was published
for
github.com/dinever/golf
(Go)
Dec 28, 2022
destiny.gg chat vulnerable to cross-site request forgery
High
CVE-2020-36625
was published
for
github.com/destinygg/chat
(Go)
Dec 22, 2022
kube-httpcache is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
GHSA-47xh-qxqv-mgvg
was published
for
github.com/mittwald/kube-httpcache
(Go)
Dec 2, 2022
Tailscale daemon is vulnerable to information disclosure via CSRF
Low
CVE-2022-41925
was published
for
tailscale.com/cmd
(Go)
Nov 21, 2022
Tailscale Windows daemon is vulnerable to RCE via CSRF
Critical
CVE-2022-41924
was published
for
tailscale.com
(Go)
Nov 21, 2022
AdGuardHome vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-32175
was published
for
github.com/AdguardTeam/AdGuardHome
(Go)
Oct 11, 2022
ProTip!
Advisories are also available from the
GraphQL API