GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
689 advisories
Filter by severity
Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin
Moderate
CVE-2023-24437
was published
for
org.jenkins-ci.plugins:jira-steps
(Maven)
Jan 26, 2023
CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials
Moderate
CVE-2022-25212
was published
for
org.continuousassurance.swamp.jenkins:swamp
(Maven)
Feb 16, 2022
Cross Site Request Forgery in mailman
High
CVE-2021-44227
was published
for
mailman
(pip)
Dec 16, 2021
Cross-site Request Forgery in fastify-csrf
High
CVE-2020-28482
was published
for
fastify-csrf
(npm)
Jan 20, 2021
Predictable CSRF tokens in centreon/centreon
Moderate
CVE-2021-28055
was published
for
centreon/centreon
(Composer)
Jun 8, 2021
Cross-Site Request Forgery in Anchor CMS
Moderate
CVE-2022-25576
was published
for
anchorcms/anchor-cms
(Composer)
Mar 26, 2022
Cross-Site Request Forgery in YOURLS
Low
CVE-2022-0088
was published
for
yourls/yourls
(Composer)
Apr 4, 2022
CSRF vulnerability in Jenkins Publish Over FTP Plugin
High
CVE-2022-29050
was published
for
org.jenkins-ci.plugins:publish-over-ftp
(Maven)
Apr 13, 2022
Cross Site Request Forgery in Mingsoft MCMS
High
CVE-2022-27340
was published
for
net.mingsoft:ms-mcms
(Maven)
Apr 23, 2022
Cross-Site Request Forgery in Jenkins
Moderate
CVE-2018-1000195
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Cross-Site Request Forgery in Jenkins
Moderate
CVE-2017-2613
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Cross-Site Request Forgery in Jenkins Git Plugin
High
CVE-2017-1000092
was published
for
org.jenkins-ci.plugins:git
(Maven)
May 17, 2022
Cross-Site Request Forgery in Jolokia
High
CVE-2018-10899
was published
for
org.jolokia:jolokia-core
(Maven)
May 24, 2022
Kirby CMS 2.5.12 Cross-site Request Forgery
Moderate
CVE-2018-14519
was published
for
getkirby/cms
(Composer)
Aug 25, 2022
Froxlor vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2022-3017
was published
for
froxlor/froxlor
(Composer)
Aug 29, 2022
Cross-Site Request Forgery in XXL-Job
High
CVE-2022-29002
was published
for
com.xuxueli:xxl-job
(Maven)
May 24, 2022
Cross-Site Request Forgery in Apache Tomcat
Moderate
CVE-2012-4431
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
Cross-Site Request Forgery in Jenkins
High
CVE-2017-1000356
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Tailscale daemon is vulnerable to information disclosure via CSRF
Low
CVE-2022-41925
was published
for
tailscale.com/cmd
(Go)
Nov 21, 2022
Cross-Site Request Forgery in Jolokia
Moderate
CVE-2014-0168
was published
for
org.jolokia:jolokia-core
(Maven)
May 17, 2022
NodeBB account takeover via SSO plugins
High
CVE-2022-36076
was published
for
nodebb
(npm)
Sep 16, 2022
Cross-Site Request Forgery in OWASP CSRFGuard
High
CVE-2021-28490
was published
for
org.owasp:csrfguard
(Maven)
May 24, 2022
XWiki Cross-Site Request Forgery (CSRF) for actions on tags
Moderate
CVE-2022-36095
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Sep 16, 2022
Cross Site Request Forgery in Mingsoft MCMS
High
CVE-2022-29647
was published
for
net.mingsoft:ms-mcms
(Maven)
Jun 3, 2022
Cross-Site Request Forgery in Elefant CMS
High
CVE-2017-20062
was published
for
elefant/cms
(Composer)
Jun 21, 2022
ProTip!
Advisories are also available from the
GraphQL API