GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
142 advisories
OrientDB-Server vulnerable to Cross-Site Request Forgery
High
CVE-2015-2912 was published for com.orientechnologies:orientdb-studio (Maven) on Oct 18, 2018
Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons
High
CVE-2018-20595 was published for org.hswebframework.web:hsweb-commons (Maven) on Jan 4, 2019
CSRF vulnerability in Jenkins Publish Over FTP Plugin
High
CVE-2022-29050 was published for org.jenkins-ci.plugins:publish-over-ftp (Maven) on Apr 13, 2022
Cross Site Request Forgery in Mingsoft MCMS
High
CVE-2022-27340 was published for net.mingsoft:ms-mcms (Maven) on Apr 23, 2022
Cross-Site Request Forgery in Jenkins Git Plugin
High
CVE-2017-1000092 was published for org.jenkins-ci.plugins:git (Maven) on May 17, 2022
Cross-Site Request Forgery in Jolokia
High
CVE-2018-10899 was published for org.jolokia:jolokia-core (Maven) on May 24, 2022
Cross-Site Request Forgery in XXL-Job
High
CVE-2022-29002 was published for com.xuxueli:xxl-job (Maven) on May 24, 2022
Cross-Site Request Forgery in Jenkins
High
CVE-2017-1000356 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 14, 2022
Cross-Site Request Forgery in OWASP CSRFGuard
High
CVE-2021-28490 was published for org.owasp:csrfguard (Maven) on May 24, 2022
Cross Site Request Forgery in Mingsoft MCMS
High
CVE-2022-29647 was published for net.mingsoft:ms-mcms (Maven) on Jun 3, 2022
Cross Site Request Forgery in Jenkins Storable Configs Plugin
High
CVE-2022-30972 was published for org.jvnet.hudson.plugins:storable-configs-plugin (Maven) on May 18, 2022
Cross Site Request Forgery in Jenkins SSH Plugin
High
CVE-2022-30958 was published for org.jenkins-ci.plugins:ssh (Maven) on May 18, 2022
Cross-Site Request Forgery in Jenkins Autocomplete Parameter Plugin
High
CVE-2022-30969 was published for org.jenkins-ci.plugins:autocomplete-parameter (Maven) on May 18, 2022
Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability
High
CVE-2018-1000153 was published for org.jenkins-ci.plugins:vsphere-cloud (Maven) on May 14, 2022
Jenkins Poll SCM Plugin vulnerable to Cross-Site Request Forgery
High
CVE-2017-1000093 was published for org.jenkins-ci.plugins:pollscm (Maven) on May 17, 2022
Cross-Site Request Forgery in Jenkins Recipe Plugin
High
CVE-2022-34792 was published for org.jenkins-ci.plugins:recipe (Maven) on Jul 1, 2022
Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection
High
CVE-2020-2196 was published for org.jenkins-ci.plugins:selenium (Maven) on May 24, 2022
Jenkins Coverity Plugin vulnerable to cross-site request forgery (CSRF)
High
CVE-2022-36920 was published for org.jenkins-ci.plugins:coverity (Maven) on Jul 28, 2022
CSRF vulnerability in Jenkins Sounds Plugin allow OS command execution
High
CVE-2020-2098 was published for org.jenkins-ci.plugins:sounds (Maven) on May 24, 2022
Apache JSPWiki CSRF due to crafted invocation on the Image plugin
High
CVE-2022-34158 was published for org.apache.jspwiki:jspwiki-main (Maven) on Aug 5, 2022
Jenkins build-publisher plugin vulnerable to cross-site request forgery
High
CVE-2022-41232 was published for org.jenkins-ci.plugins:build-publisher (Maven) on Sep 22, 2022
Improper Input Validation and Cross-Site Request Forgery in Keycloak
High
CVE-2019-10199 was published for org.keycloak:keycloak-core (Maven) on Sep 23, 2019
Cross-Site Request Forgery in Jenkins Alauda Kubernetes Suport Plugin
High
CVE-2019-16575 was published for io.alauda.jenkins.plugins:alauda-kubernetes-support (Maven) on May 24, 2022
Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12
High
CVE-2020-28452 was published for com.softwaremill.akka-http-session:core_2.12 (Maven) on Jan 6, 2022
Cryptographically weak CSRF tokens in Apache MyFaces
High
CVE-2021-26296 was published for org.apache.myfaces.core:myfaces-core-module (Maven) on Jun 16, 2021