GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
314 advisories
Image Resizer Cross-Site Request Forgery (CSRF)
High
CVE-2020-13458 was published for verbb/image-resizer (Composer)
May 24, 2022
Subrion CMS Cross-Site Request Forgery (CSRF) vulnerability
High
CVE-2019-20390 was published for intelliants/subrion (Composer)
May 24, 2022
Dolibarr Cross-Site Request Forgery Vulnerability
High
CVE-2020-11825 was published for dolibarr/dolibarr (Composer)
May 24, 2022
Cross-Site Request Forgery in Jenkins
High
CVE-2020-2160 was published for org.jenkins-ci.main:jenkins-core (Maven)
May 24, 2022
Subrion CMS CSRF Vulnerability
High
CVE-2018-21037 was published for intelliants/subrion (Composer)
May 24, 2022
Silverstripe CSRF Protection Bypass via GraphQL
High
CVE-2019-12437 was published for silverstripe/graphql (Composer)
May 24, 2022
CSRF vulnerability in Pipeline GitHub Notify Step Plugin allows capturing credentials
High
CVE-2020-2116 was published for org.jenkins-ci.plugins:pipeline-githubnotify-step (Maven)
May 24, 2022
CSRF vulnerability in Jenkins Sounds Plugin allows OS command execution
High
CVE-2020-2098 was published for org.jenkins-ci.plugins:sounds (Maven)
May 24, 2022
Cross-Site Request Forgery in Jenkins Alauda Kubernetes Suport Plugin
High
CVE-2019-16575 was published for io.alauda.jenkins.plugins:alauda-kubernetes-support (Maven)
May 24, 2022
Jenkins Alauda DevOps Pipeline Plugin vulnerable to cross-site request forgery
High
CVE-2019-16573 was published for com.alauda.jenkins.plugins:alauda-devops-pipeline (Maven)
May 24, 2022
Cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin
High
CVE-2019-16560 was published for org.jenkins-ci.plugins:websphere-deployer (Maven)
May 24, 2022
Jenkins Team Concert Plugin cross-site request forgery vulnerability
High
CVE-2019-16565 was published for org.jenkins-ci.plugins:teamconcert (Maven)
May 24, 2022
Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin
High
CVE-2019-16550 was published for org.jenkins-ci.plugins.m2release:m2release (Maven)
May 24, 2022
Cross-Site Request Forgery in Jenkins Gerrit Trigger Plugin
High
CVE-2019-16551 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven)
May 24, 2022
Cross-Site Request Forgery in Jenkins Build Failure Analyzer Plugin
High
CVE-2019-16553 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven)
May 24, 2022
Pagekit File Upload vulnerability
High
CVE-2019-19013 was published for pagekit/pagekit (Composer)
May 24, 2022
Magento 2 Community Edition RCE Vulnerability via CSRF
High
CVE-2019-8109 was published for magento/community-edition (Composer)
May 24, 2022
Jenkins Libvirt Slaves Plugin vulnerable to Cross-Site Request Forgery
High
CVE-2019-10471 was published for org.jenkins-ci.plugins:libvirt-slave (Maven)
May 24, 2022
Jenkins Dynatrace Plugin vulnerable to Cross-Site Request Forgery
High
CVE-2019-10462 was published for org.jenkins-ci.plugins:dynatrace-dashboard (Maven)
May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Cross-Site Request Forgery
High
CVE-2019-10468 was published for com.elasticbox.jenkins-ci.plugins:kubernetes-ci (Maven)
May 24, 2022
Jenkins Deploy WebLogic Plugin cross-site request forgery vulnerability
High
CVE-2019-10464 was published for org.jenkins-ci.plugins:weblogic-deployer-plugin (Maven)
May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to Cross-Site Request Forgery
High
CVE-2019-10437 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven)
May 24, 2022
phpBB Cross-Site Request Forgery (CSRF)
High
CVE-2019-16993 was published for phpbb/phpbb (Composer)
May 24, 2022
Cross-Site Request Forgery in Jenkins
High
CVE-2019-10384 was published for org.jenkins-ci.main:jenkins-core (Maven)
May 24, 2022
Dolibarr Cross-Site Request Forgery (CSRF)
High
CVE-2019-15062 was published for dolibarr/dolibarr (Composer)
May 24, 2022
ProTip! Advisories are also available from the GraphQL API.