GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,070
Erlang
29
GitHub Actions
19
Go
1,892
Maven
5,000+
npm
3,629
NuGet
638
pip
3,241
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
307 advisories
Filter by severity
Jenkins Folders Plugin cross-site request forgery vulnerability
High
CVE-2023-40336
was published
for
org.jenkins-ci.plugins:cloudbees-folder
(Maven)
Aug 16, 2023
xuxueli xxl-job Cross-Site Request Forgery Vulnerability
High
CVE-2020-24922
was published
for
com.xuxueli:xxl-job
(Maven)
Aug 11, 2023
wger Workout Manager Cross-Site Request Forgery vulnerability
High
CVE-2023-38759
was published
for
wger
(pip)
Aug 8, 2023
Cockpit CMS Cross-Site Request Forgery vulnerability
High
CVE-2023-37650
was published
for
cockpit-hq/cockpit
(Composer)
Jul 20, 2023
Jenkins Sumologic Publisher Plugin vulnerable to cross-site request forgery
High
CVE-2023-37958
was published
for
org.jenkins-ci.plugins:sumologic-publisher
(Maven)
Jul 12, 2023
Jenkins Assembla Auth Plugin vulnerable to cross-site request forgery
High
CVE-2023-37961
was published
for
org.jenkins-ci.plugins:assembla-auth
(Maven)
Jul 12, 2023
Jenkins Benchmark Evaluator Plugin vulnerable to cross-site request forgery
High
CVE-2023-37962
was published
for
io.jenkins.plugins:benchmark-evaluator
(Maven)
Jul 12, 2023
Jenkins ElasticBox CI Plugin vulnerable to cross-site request forgery
High
CVE-2023-37964
was published
for
org.jenkins-ci.plugins:elasticbox
(Maven)
Jul 12, 2023
Jenkins Pipeline restFul API Plugin vulnerable to Cross Site Request Forgery
High
CVE-2023-37957
was published
for
io.jenkins.plugins:pipeline-restful-api
(Maven)
Jul 12, 2023
@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state
High
CVE-2023-31999
was published
for
@fastify/oauth2
(npm)
Jul 5, 2023
GilaCMS Cross Site Request Forgery vulnerability
High
CVE-2020-20726
was published
for
gilacms/gila
(Composer)
Jun 20, 2023
Jenkins CSRF protection bypass vulnerability
High
CVE-2023-35141
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 14, 2023
Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability
High
CVE-2023-32991
was published
for
io.jenkins.plugins:miniorange-saml-sp
(Maven)
May 16, 2023
SvelteKit framework has Insufficient CSRF protection for CORS requests
High
CVE-2023-29008
was published
for
@sveltejs/kit
(npm)
Apr 7, 2023
SvelteKit vulnerable to Cross-Site Request Forgery
High
CVE-2023-29003
was published
for
@sveltejs/kit
(npm)
Apr 4, 2023
Phachon mm-wiki Cross Site Request Forgery vulnerability
High
CVE-2020-19278
was published
for
github.com/phachon/mm-wiki
(Go)
Apr 4, 2023
Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery
High
CVE-2023-28676
was published
for
org.jenkins-ci.plugins:convert-to-pipeline
(Maven)
Apr 2, 2023
Moodle vulnerable to Cross-site Request Forgery
High
CVE-2023-28335
was published
for
moodle/moodle
(Composer)
Mar 23, 2023
Missing proper state, nonce and PKCE checks for OAuth authentication
High
CVE-2023-27490
was published
for
next-auth
(npm)
Mar 13, 2023
Froxlor Cross-Site Request Forgery vulnerability
High
CVE-2023-1033
was published
for
froxlor/froxlor
(Composer)
Feb 25, 2023
Cross-Site Request Forgery in Jenkins Azure Credentials Plugin
High
CVE-2023-25767
was published
for
org.jenkins-ci.plugins:azure-credentials
(Maven)
Feb 15, 2023
CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin
High
CVE-2023-24434
was published
for
org.jenkins-ci.plugins:ghprb
(Maven)
Jan 26, 2023
CSRF vulnerability in Jenkins Orka Plugin allow capturing credentials
High
CVE-2023-24432
was published
for
io.jenkins.plugins:macstadium-orka
(Maven)
Jan 26, 2023
Cross-site request forgery vulnerability in Jenkins OpenID Plugin
High
CVE-2023-24446
was published
for
org.jenkins-ci.plugins:openid
(Maven)
Jan 26, 2023
Cross-site request forgery vulnerability in Jenkins RabbitMQ Consumer Plugin
High
CVE-2023-24447
was published
for
org.jenkins-ci.plugins:rabbitmq-consumer
(Maven)
Jan 26, 2023
ProTip!
Advisories are also available from the
GraphQL API