Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,201
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,702
NuGet
660
pip
3,328
Pub
11
RubyGems
883
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

142 advisories

Loading
OrientDB-Server vulnerable to Cross-Site Request Forgery High
CVE-2015-2912 was published for com.orientechnologies:orientdb-studio (Maven) Oct 18, 2018
Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons High
CVE-2018-20595 was published for org.hswebframework.web:hsweb-commons (Maven) Jan 4, 2019
CSRF vulnerability in Jenkins Publish Over FTP Plugin High
CVE-2022-29050 was published for org.jenkins-ci.plugins:publish-over-ftp (Maven) Apr 13, 2022
westonsteimel
Cross Site Request Forgery in Mingsoft MCMS High
CVE-2022-27340 was published for net.mingsoft:ms-mcms (Maven) Apr 23, 2022
Cross-Site Request Forgery in Jenkins Git Plugin High
CVE-2017-1000092 was published for org.jenkins-ci.plugins:git (Maven) May 17, 2022
Cross-Site Request Forgery in Jolokia High
CVE-2018-10899 was published for org.jolokia:jolokia-core (Maven) May 24, 2022
Cross-Site Request Forgery in XXL-Job High
CVE-2022-29002 was published for com.xuxueli:xxl-job (Maven) May 24, 2022
Cross-Site Request Forgery in Jenkins High
CVE-2017-1000356 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Cross-Site Request Forgery in OWASP CSRFGuard High
CVE-2021-28490 was published for org.owasp:csrfguard (Maven) May 24, 2022
Cross Site Request Forgery in Mingsoft MCMS High
CVE-2022-29647 was published for net.mingsoft:ms-mcms (Maven) Jun 3, 2022
Cross Site Request Forgery in Jenkins Storable Configs Plugin High
CVE-2022-30972 was published for org.jvnet.hudson.plugins:storable-configs-plugin (Maven) May 18, 2022
NotMyFault
Cross Site Request Forgery in Jenkins SSH Plugin High
CVE-2022-30958 was published for org.jenkins-ci.plugins:ssh (Maven) May 18, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Autocomplete Parameter Plugin High
CVE-2022-30969 was published for org.jenkins-ci.plugins:autocomplete-parameter (Maven) May 18, 2022
NotMyFault
Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability High
CVE-2018-1000153 was published for org.jenkins-ci.plugins:vsphere-cloud (Maven) May 14, 2022
Jenkins Poll SCM Plugin vulnerable to Cross-Site Request Forgery High
CVE-2017-1000093 was published for org.jenkins-ci.plugins:pollscm (Maven) May 17, 2022
Cross-Site Request Forgery in Jenkins Recipe Plugin High
CVE-2022-34792 was published for org.jenkins-ci.plugins:recipe (Maven) Jul 1, 2022
NotMyFault
Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection High
CVE-2020-2196 was published for org.jenkins-ci.plugins:selenium (Maven) May 24, 2022
NotMyFault
Jenkins Coverity Plugin vulnerable to cross-site request forgery (CSRF) High
CVE-2022-36920 was published for org.jenkins-ci.plugins:coverity (Maven) Jul 28, 2022
NotMyFault
CSRF vulnerability in Jenkins Sounds Plugin allow OS command execution High
CVE-2020-2098 was published for org.jenkins-ci.plugins:sounds (Maven) May 24, 2022
NotMyFault
Apache JSPWiki CSRF due to crafted invocation on the Image plugin High
CVE-2022-34158 was published for org.apache.jspwiki:jspwiki-main (Maven) Aug 5, 2022
Jenkins build-publisher plugin vulnerable to cross-site request forgery High
CVE-2022-41232 was published for org.jenkins-ci.plugins:build-publisher (Maven) Sep 22, 2022
NotMyFault
Improper Input Validation and Cross-Site Request Forgery in Keycloak High
CVE-2019-10199 was published for org.keycloak:keycloak-core (Maven) Sep 23, 2019
Cross-Site Request Forgery in Jenkins Alauda Kubernetes Suport Plugin High
CVE-2019-16575 was published for io.alauda.jenkins.plugins:alauda-kubernetes-support (Maven) May 24, 2022
Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12 High
CVE-2020-28452 was published for com.softwaremill.akka-http-session:core_2.12 (Maven) Jan 6, 2022
Cryptographically weak CSRF tokens in Apache MyFaces High
CVE-2021-26296 was published for org.apache.myfaces.core:myfaces-core-module (Maven) Jun 16, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database