GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,189
Erlang: 31
GitHub Actions: 19
Go: 1,985
Maven: 5,000+
npm: 3,701
NuGet: 657
pip: 3,326
Pub: 11
RubyGems: 882
Rust: 836
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
142 advisories
OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF) (High)
CVE-2024-47879 was published for org.openrefine:main (Maven) on Oct 24, 2024

CSRF vulnerability and missing permission check in Jenkins JiraTestResultReporter Plugin (High)
CVE-2022-28136 was published for org.jenkins-ci.plugins:JiraTestResultReporter (Maven) on Mar 30, 2022

High severity vulnerability that affects io.vertx:vertx-web (High)
CVE-2018-12540 was published for io.vertx:vertx-web (Maven) on Oct 17, 2018

Cross-Site Request Forgery in Jenkins (High)
CVE-2020-2160 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 24, 2022

Cross-Site Request Forgery in Jenkins (High)
CVE-2017-1000504 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 14, 2022

Cloud Foundry Runtime Cross-Site Request Forgery vulnerability (High)
CVE-2015-5170 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) on May 13, 2022

Cross-site request forgery vulnerability in Jenkins XL TestView Plugin (High)
CVE-2019-10386 was published for com.xebialabs.xlt.ci:xltestview-plugin (Maven) on May 24, 2022

CSRF vulnerability in Jenkins Release plugin (High)
CVE-2018-1000013 was published for org.jenkins-ci.plugins:release (Maven) on May 14, 2022

CSRF vulnerability in Jenkins Translation Assistance plugin (High)
CVE-2018-1000014 was published for org.jenkins-ci.plugins:translation (Maven) on May 14, 2022

CSRF vulnerability in Jenkins Role-based Authorization Strategy Plugin configuration (High)
CVE-2017-1000090 was published for org.jenkins-ci.plugins:role-strategy (Maven) on May 17, 2022

Sandbox Bypass via CSRF in Jenkins Warnings Plugin (High)
CVE-2019-1003007 was published for org.jvnet.hudson.plugins:warnings (Maven) on May 13, 2022

Cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin (High)
CVE-2019-16560 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) on May 24, 2022

Jenkins Slack Notification Plugin CSRF vulnerability and missing permission checks (High)
CVE-2019-1003044 was published for org.jenkins-ci.plugins:slack (Maven) on May 13, 2022

Cross-Site Request Forgery in Jenkins Azure Credentials Plugin (High)
CVE-2023-25767 was published for org.jenkins-ci.plugins:azure-credentials (Maven) on Feb 15, 2023

Jenkins Pipeline: Stage View Plugin allows CSRF protection bypass of any target URL in Jenkins (High)
CVE-2022-43408 was published for org.jenkins-ci.plugins.pipeline-stage-view:pipeline-stage-view (Maven) on Oct 19, 2022

Cross-Site Request Forgery in Jenkins Mailer Plugin (High)
CVE-2018-8718 was published for org.jenkins-ci.plugins:mailer (Maven) on May 14, 2022

Apache Struts CSRF Vulnerability (High)
CVE-2016-4430 was published for org.apache.struts.xwork:xwork-core (Maven) on May 17, 2022

Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin (High)
CVE-2022-20619 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) on Jan 13, 2022

Jenkins Libvirt Slaves Plugin vulnerable to Cross-Site Request Forgery (High)
CVE-2019-10471 was published for org.jenkins-ci.plugins:libvirt-slave (Maven) on May 24, 2022

Cross-Site Request Forgery in Apache CXF Fediz (High)
CVE-2017-7662 was published for org.apache.cxf.fediz:fediz-oidc (Maven) on May 13, 2022

CSRF vulnerability in Jenkins Libvirt Agents Plugin (High)
CVE-2021-21627 was published for org.jenkins-ci.plugins:libvirt-slave (Maven) on May 24, 2022

Cross-Site Request Forgery in Jenkins (High)
CVE-2019-10384 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 24, 2022

CSRF vulnerability in Jenkins Configuration Slicing Plugin (High)
CVE-2021-21617 was published for org.jenkins-ci.plugins:configurationslicing (Maven) on May 24, 2022

Cross-Site Request Forgery in Jenkins Build Failure Analyzer Plugin (High)
CVE-2019-16553 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) on May 24, 2022

Cross-Site Request Forgery in Jenkins Gerrit Trigger Plugin (High)
CVE-2019-16551 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) on May 24, 2022

Advisories are also available from the GraphQL API.