GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
335 advisories
Filter by severity
OrientDB-Server vulnerable to Cross-Site Request Forgery
High
CVE-2015-2912
was published
for
com.orientechnologies:orientdb-studio
(Maven)
Oct 18, 2018
Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons
High
CVE-2018-20595
was published
for
org.hswebframework.web:hsweb-commons
(Maven)
Jan 4, 2019
CSRF in Play Framework
Moderate
CVE-2020-12480
was published
for
com.typesafe.play:play_2.12
(Maven)
Aug 18, 2020
Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin
Moderate
CVE-2023-24437
was published
for
org.jenkins-ci.plugins:jira-steps
(Maven)
Jan 26, 2023
CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials
Moderate
CVE-2022-25212
was published
for
org.continuousassurance.swamp.jenkins:swamp
(Maven)
Feb 16, 2022
CSRF vulnerability in Jenkins Publish Over FTP Plugin
High
CVE-2022-29050
was published
for
org.jenkins-ci.plugins:publish-over-ftp
(Maven)
Apr 13, 2022
Cross Site Request Forgery in Mingsoft MCMS
High
CVE-2022-27340
was published
for
net.mingsoft:ms-mcms
(Maven)
Apr 23, 2022
Cross-Site Request Forgery in Jenkins
Moderate
CVE-2018-1000195
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Cross-Site Request Forgery in Jenkins
Moderate
CVE-2017-2613
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Cross-Site Request Forgery in Jenkins Git Plugin
High
CVE-2017-1000092
was published
for
org.jenkins-ci.plugins:git
(Maven)
May 17, 2022
Cross-Site Request Forgery in Jolokia
High
CVE-2018-10899
was published
for
org.jolokia:jolokia-core
(Maven)
May 24, 2022
Cross-Site Request Forgery in XXL-Job
High
CVE-2022-29002
was published
for
com.xuxueli:xxl-job
(Maven)
May 24, 2022
Cross-Site Request Forgery in Apache Tomcat
Moderate
CVE-2012-4431
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
Cross-Site Request Forgery in Jenkins
High
CVE-2017-1000356
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Cross-Site Request Forgery in Jolokia
Moderate
CVE-2014-0168
was published
for
org.jolokia:jolokia-core
(Maven)
May 17, 2022
Cross-Site Request Forgery in OWASP CSRFGuard
High
CVE-2021-28490
was published
for
org.owasp:csrfguard
(Maven)
May 24, 2022
XWiki Cross-Site Request Forgery (CSRF) for actions on tags
Moderate
CVE-2022-36095
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Sep 16, 2022
Cross Site Request Forgery in Mingsoft MCMS
High
CVE-2022-29647
was published
for
net.mingsoft:ms-mcms
(Maven)
Jun 3, 2022
Insufficient user input in Apache Jetspeed-2
Critical
CVE-2022-32533
was published
for
org.apache.portals.jetspeed-2:jetspeed-commons
(Maven)
Jul 7, 2022
Jenkins Snow Commander Plugin 2.0 vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-25192
was published
for
io.jenkins.plugins:embotics-vcommander
(Maven)
Feb 16, 2022
CSRF vulnerability in Jenkins Script Security Plugin
Moderate
CVE-2022-30946
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 18, 2022
Cross Site Request Forgery in Jenkins Storable Configs Plugin
High
CVE-2022-30972
was published
for
org.jvnet.hudson.plugins:storable-configs-plugin
(Maven)
May 18, 2022
Cross Site Request Forgery in Jenkins SSH Plugin
High
CVE-2022-30958
was published
for
org.jenkins-ci.plugins:ssh
(Maven)
May 18, 2022
Cross-Site Request Forgery in Jenkins Autocomplete Parameter Plugin
High
CVE-2022-30969
was published
for
org.jenkins-ci.plugins:autocomplete-parameter
(Maven)
May 18, 2022
Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability
High
CVE-2018-1000153
was published
for
org.jenkins-ci.plugins:vsphere-cloud
(Maven)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API