Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,070
Erlang
29
GitHub Actions
19
Go
1,892
Maven
5,000+
npm
3,629
NuGet
638
pip
3,241
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

307 advisories

Loading
Jenkins Folders Plugin cross-site request forgery vulnerability High
CVE-2023-40336 was published for org.jenkins-ci.plugins:cloudbees-folder (Maven) Aug 16, 2023
xuxueli xxl-job Cross-Site Request Forgery Vulnerability High
CVE-2020-24922 was published for com.xuxueli:xxl-job (Maven) Aug 11, 2023
wger Workout Manager Cross-Site Request Forgery vulnerability High
CVE-2023-38759 was published for wger (pip) Aug 8, 2023
Cockpit CMS Cross-Site Request Forgery vulnerability High
CVE-2023-37650 was published for cockpit-hq/cockpit (Composer) Jul 20, 2023
Jenkins Sumologic Publisher Plugin vulnerable to cross-site request forgery High
CVE-2023-37958 was published for org.jenkins-ci.plugins:sumologic-publisher (Maven) Jul 12, 2023
Jenkins Assembla Auth Plugin vulnerable to cross-site request forgery High
CVE-2023-37961 was published for org.jenkins-ci.plugins:assembla-auth (Maven) Jul 12, 2023
Jenkins Benchmark Evaluator Plugin vulnerable to cross-site request forgery High
CVE-2023-37962 was published for io.jenkins.plugins:benchmark-evaluator (Maven) Jul 12, 2023
Jenkins ElasticBox CI Plugin vulnerable to cross-site request forgery High
CVE-2023-37964 was published for org.jenkins-ci.plugins:elasticbox (Maven) Jul 12, 2023
Jenkins Pipeline restFul API Plugin vulnerable to Cross Site Request Forgery High
CVE-2023-37957 was published for io.jenkins.plugins:pipeline-restful-api (Maven) Jul 12, 2023
@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state High
CVE-2023-31999 was published for @fastify/oauth2 (npm) Jul 5, 2023
erezarnon panva
mcollina marco-ippolito
GilaCMS Cross Site Request Forgery vulnerability High
CVE-2020-20726 was published for gilacms/gila (Composer) Jun 20, 2023
Jenkins CSRF protection bypass vulnerability High
CVE-2023-35141 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 14, 2023
Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability High
CVE-2023-32991 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023
SvelteKit framework has Insufficient CSRF protection for CORS requests High
CVE-2023-29008 was published for @sveltejs/kit (npm) Apr 7, 2023
Ry0taK benmccann
dominikg Conduitry
SvelteKit vulnerable to Cross-Site Request Forgery High
CVE-2023-29003 was published for @sveltejs/kit (npm) Apr 4, 2023
v1ktor0t benmccann
Conduitry eltigerchino dominikg
Phachon mm-wiki Cross Site Request Forgery vulnerability High
CVE-2020-19278 was published for github.com/phachon/mm-wiki (Go) Apr 4, 2023
Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery High
CVE-2023-28676 was published for org.jenkins-ci.plugins:convert-to-pipeline (Maven) Apr 2, 2023
Moodle vulnerable to Cross-site Request Forgery High
CVE-2023-28335 was published for moodle/moodle (Composer) Mar 23, 2023
Missing proper state, nonce and PKCE checks for OAuth authentication High
CVE-2023-27490 was published for next-auth (npm) Mar 13, 2023
FINDarkside
Froxlor Cross-Site Request Forgery vulnerability High
CVE-2023-1033 was published for froxlor/froxlor (Composer) Feb 25, 2023
Cross-Site Request Forgery in Jenkins Azure Credentials Plugin High
CVE-2023-25767 was published for org.jenkins-ci.plugins:azure-credentials (Maven) Feb 15, 2023
CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin High
CVE-2023-24434 was published for org.jenkins-ci.plugins:ghprb (Maven) Jan 26, 2023
CSRF vulnerability in Jenkins Orka Plugin allow capturing credentials High
CVE-2023-24432 was published for io.jenkins.plugins:macstadium-orka (Maven) Jan 26, 2023
Cross-site request forgery vulnerability in Jenkins OpenID Plugin High
CVE-2023-24446 was published for org.jenkins-ci.plugins:openid (Maven) Jan 26, 2023
Cross-site request forgery vulnerability in Jenkins RabbitMQ Consumer Plugin High
CVE-2023-24447 was published for org.jenkins-ci.plugins:rabbitmq-consumer (Maven) Jan 26, 2023
ProTip! Advisories are also available from the GraphQL API