Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-19jh-cxhe-17av
Vulnerability ID VCID-19jh-cxhe-17av
Aliases GHSA-wj5j-xpcj-45gc
Summary # Withdrawn Affected versions of the package are vulnerable to Cross-Site Request Forgery (CSRF) attacks.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-352 Cross-Site Request Forgery (CSRF)
System Score Found at
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-wj5j-xpcj-45gc
generic_textual MODERATE https://github.com/scambra/devise_invitable/commit/d1bb19efca8e35885e1c2f0931d6171fce8cf74e
generic_textual MODERATE https://github.com/scambra/devise_invitable/issues/457
generic_textual MODERATE https://www.sourceclear.com/vulnerability-database/security/cross-site-request-forgery-csrf/ruby/sid-2272
Reference id Reference type URL
https://github.com/scambra/devise_invitable/commit/d1bb19efca8e35885e1c2f0931d6171fce8cf74e
https://github.com/scambra/devise_invitable/issues/457
https://www.sourceclear.com/vulnerability-database/security/cross-site-request-forgery-csrf/ruby/sid-2272
https://www.sourceclear.com/vulnerability-database/security/cross-site-request-forgery-csrf/ruby/sid-2272/
GHSA-wj5j-xpcj-45gc https://github.com/advisories/GHSA-wj5j-xpcj-45gc
No exploits are available.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-05-31T11:12:19.716573+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/02/GHSA-wj5j-xpcj-45gc/GHSA-wj5j-xpcj-45gc.json 38.6.0