github.com/gorilla/csrf
Go | 2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/gorilla/csrf
- CVE-2025-24358 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 1.7.3 | 2025-04-15
gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. It executes its validation of the Ref…
- CVE-2025-47909 | HIGH | CVSS 7.3 | EG 7.3 | 2025-08-29
Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't g…