GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
349 advisories
Jenkins Favorite View Plugin cross-site request forgery vulnerability
Moderate | CVE-2023-40351 was published for org.jenkins-ci.plugins:favorite-view (Maven) | Aug 16, 2023

Jenkins Folders Plugin cross-site request forgery vulnerability
Moderate | CVE-2023-40337 was published for org.jenkins-ci.plugins:cloudbees-folder (Maven) | Aug 16, 2023

Credential leakage in Jenkins Plug-in for ServiceNow
Moderate | CVE-2023-3414 was published for io.jenkins.plugins:servicenow-devops (Maven) | Jul 26, 2023

CSRF vulnerability in GitLab Authentication Plugin
Moderate | CVE-2023-39153 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) | Jul 26, 2023

CSRF vulnerability in Bazaar Plugin
Moderate | CVE-2023-39156 was published for org.jenkins-ci.plugins:bazaar (Maven) | Jul 26, 2023

Jenkins Test Results Aggregator Plugin vulnerable to Cross Site Request Forgery
Moderate | CVE-2023-37955 was published for org.jenkins-ci.plugins:test-results-aggregator (Maven) | Jul 12, 2023

Jenkins Rebuilder Plugin vulnerable to Cross Site Request Forgery
Moderate | CVE-2023-37954 was published for com.sonyericsson.hudson.plugins.rebuild:rebuild (Maven) | Jul 12, 2023

Jenkins mabl Plugin vulnerable to cross-site request forgery
Moderate | CVE-2023-37952 was published for com.mabl.integration.jenkins:mabl-integration (Maven) | Jul 12, 2023

Casdoor Cross-Site Request Forgery vulnerability
Moderate | CVE-2023-34927 was published for github.com/casdoor/casdoor (Go) | Jun 22, 2023

Jenkins Digital.ai App Management Publisher Plugin vulnerable to Cross-Site Request Forgery
Moderate | CVE-2023-35148 was published for org.jenkins-ci.plugins:ease-plugin (Maven) | Jun 14, 2023

Jenkins Code Dx Plugin cross-site request forgery vulnerability
Moderate | CVE-2023-2195 was published for org.jenkins-ci.plugins:codedx (Maven) | May 16, 2023

Jenkins LDAP Plugin vulnerable to Cross-Site Request Forgery
Moderate | CVE-2023-32978 was published for org.jenkins-ci.plugins:ldap (Maven) | May 16, 2023

Jenkins Tag Profiler Plugin vulnerable to Cross-Site Request Forgery
Moderate | CVE-2023-33003 was published for org.jenkins-ci.plugins:tag-profiler (Maven) | May 16, 2023

Jenkins Email Extension Plugin Cross-Site Request Forgery vulnerability
Moderate | CVE-2023-32980 was published for org.jenkins-ci.plugins:email-ext (Maven) | May 16, 2023

Jenkins Reverse Proxy Auth Plugin cross-site request forgery vulnerability
Moderate | CVE-2023-32987 was published for org.jenkins-ci.plugins:reverse-proxy-auth-plugin (Maven) | May 16, 2023

Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability
Moderate | CVE-2023-32995 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) | May 16, 2023

Jenkins Azure VM Agents Plugin Cross-site Request Forgery vulnerability
Moderate | CVE-2023-32989 was published for org.jenkins-ci.plugins:azure-vm-agents (Maven) | May 16, 2023

Jenkins AppSpider Plugin Cross-Site Request Forgery vulnerability
Moderate | CVE-2023-32998 was published for com.rapid7:jenkinsci-appspider-plugin (Maven) | May 16, 2023

Jenkins WSO2 Oauth Plugin cross-site request forgery vulnerability
Moderate | CVE-2023-33006 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) | May 16, 2023

@builder.io/qwik-city Cross-Site Request Forgery vulnerability
Moderate | CVE-2023-2307 was published for @builder.io/qwik-city (npm) | Apr 26, 2023

CSRF token fixation in fastify-passport
Moderate | CVE-2023-29020 was published for @fastify/passport (npm) | Apr 21, 2023

modoboa vulnerable to Cross-Site Request Forgery
Moderate | CVE-2023-2228 was published for modoboa (pip) | Apr 21, 2023

Bypass of CSRF protection in the presence of predictable userInfo
Moderate | CVE-2023-27495 was published for @fastify/csrf-protection (npm) | Apr 20, 2023

Jenkins Report Portal Plugin Cross-Site Request Forgery vulnerability
Moderate | CVE-2023-30525 was published for org.jenkins-ci.plugins:reportportal (Maven) | Apr 12, 2023

Jenkins Lucene-Search Plugin vulnerable to Cross-Site Request Forgery
Moderate | CVE-2023-30529 was published for org.jenkins-ci.plugins:lucene-search (Maven) | Apr 12, 2023

ProTip! Advisories are also available from the GraphQL API