Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,599
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,828
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

69 advisories

Loading
apache-airflow-providers-keycloak: Missing OAuth 2.0 State and PKCE Enables Login CSRF and Session Fixation Moderate
CVE-2026-40948 was published for apache-airflow-providers-keycloak (pip) Apr 18, 2026
Authlib: Cross-site request forging when using cache Moderate
GHSA-jj8c-mmj3-mmgv was published for authlib (pip) Apr 16, 2026
MetaGPT has an eval injection via a cross-site request forgery attack Low
CVE-2026-6109 was published for metagpt (pip) Apr 12, 2026
sigstore CSRF possibility in OIDC authentication during signing Low
CVE-2026-24408 was published for sigstore (pip) Jan 26, 2026
jku Credited to jku
Authlib has 1-click Account Takeover vulnerability Moderate
CVE-2025-68158 was published for authlib (pip) Jan 8, 2026
davidbors-snyk Credited to davidbors-snyk, galgolamiel, and levpachmanov galgolamiel galgolamiel
levpachmanov levpachmanov
FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO Moderate
CVE-2025-68481 was published for fastapi-users (pip) Dec 19, 2025
davidbors-snyk Credited to davidbors-snyk
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack Critical
CVE-2025-62593 was published for ray (pip) Nov 26, 2025
JLLeitschuh Credited to JLLeitschuh and avilum avilum avilum
MLflow Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2025-1473 was published for mlflow (pip) Mar 20, 2025
Open WebUI Cross-Site Request Forgery (CSRF) Vulnerability High
CVE-2024-7806 was published for open-webui (pip) Mar 20, 2025
Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2024-7035 was published for open-webui (pip) Mar 20, 2025
Aim vulnerable to Cross-Site Request Forgery High
CVE-2024-7760 was published for aim (pip) Mar 20, 2025
DB-GPT vulnerable to Cross-Site Request Forgery High
CVE-2024-10906 was published for dbgpt (pip) Mar 20, 2025
Cross-Site Request Forgery in CodeChecker API High
CVE-2024-53829 was published for codechecker (pip) Jan 21, 2025
Discookie Credited to Discookie
pyspider Cross-Site Request Forgery (CSRF) via the Flask endpoints High
CVE-2024-39163 was published for pyspider (pip) Dec 4, 2024
Cross-Site Request Forgery (CSRF) in strawberry-graphql Moderate
CVE-2024-47082 was published for strawberry-graphql (pip) Sep 25, 2024
DoctorJohn Credited to DoctorJohn, graingert, and Speedy1991 graingert graingert
Speedy1991 Speedy1991
Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files Moderate
CVE-2024-1727 was published for gradio (pip) May 21, 2024
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain High
CVE-2024-34069 was published for Werkzeug (pip) May 6, 2024
Ry0taK Credited to Ry0taK
Aim Cross-Site Request Forgery vulnerability allows user to delete runs and perform other operations High
CVE-2024-2196 was published for aim (pip) Apr 10, 2024
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing High
CVE-2024-28233 was published for jupyterhub (pip) Mar 28, 2024
Th0h0 Credited to Th0h0
Duplicate Advisory: Cross-Site Request Forgery in Gradio Moderate
GHSA-3x9g-xfj5-fq84 was published for gradio (pip) Mar 21, 2024 withdrawn
ESPHome vulnerable to Authentication bypass via Cross site request forgery High
CVE-2024-29019 was published for esphome (pip) Mar 21, 2024
r3kumar Credited to r3kumar
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation Critical
CVE-2024-22416 was published for pyload-ng (pip) Jan 19, 2024
PinkDraconian Credited to PinkDraconian and kaydoda kaydoda kaydoda
Apache Airflow Cross-Site Request Forgery vulnerability Moderate
CVE-2023-49920 was published for apache-airflow (pip) Dec 21, 2023
Cross-Site Request Forgery vulnerability in Prefect High
CVE-2023-6022 was published for prefect (pip) Nov 16, 2023
zangell44 Credited to zangell44 and bunchesofdonald bunchesofdonald bunchesofdonald
modoboa Cross-Site Request Forgery vulnerability Moderate
CVE-2023-5690 was published for modoboa (pip) Oct 20, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database