Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,071
Erlang
29
GitHub Actions
19
Go
1,893
Maven
5,000+
npm
3,630
NuGet
638
pip
3,243
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

177 advisories

Loading
Cross-Site Request Forgery in Jenkins Mailer Plugin Moderate
CVE-2022-20613 was published for org.jenkins-ci.plugins:mailer (Maven) Jan 13, 2022
NotMyFault westonsteimel
Cross-Site Request Forgery in Apache Struts Moderate
CVE-2014-7809 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
sunSUNQ
CSRF vulnerability and missing permission checks in Jenkins Extended Choice Parameter Plugin allow SSRF Moderate
CVE-2022-27204 was published for org.jenkins-ci.plugins:extended-choice-parameter (Maven) Mar 16, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Moderate
CVE-2022-20612 was published for org.jenkins-ci.main:jenkins-core (Maven) Jan 21, 2022
Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability Moderate
CVE-2023-43502 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) Sep 20, 2023
Cross-site request forgery in Jenkins Gerrit Trigger Plugin Moderate
CVE-2023-24423 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) Jan 26, 2023
Jenkins LDAP Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2023-32978 was published for org.jenkins-ci.plugins:ldap (Maven) May 16, 2023
Jenkins Code Dx Plugin cross-site request forgery vulnerability Moderate
CVE-2023-2195 was published for org.jenkins-ci.plugins:codedx (Maven) May 16, 2023
Jenkins Job Configuration History Plugin does not require POST requests for several HTTP endpoints Moderate
CVE-2022-36887 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) Jul 28, 2022
Jenkins Sonar Gerrit Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-46688 was published for org.jenkins-ci.plugins:sonar-gerrit (Maven) Dec 12, 2022
Lack of authentication mechanism in Jenkins Git Plugin webhook Moderate
CVE-2022-36882 was published for org.jenkins-ci.plugins:git (Maven) Jul 28, 2022
NotMyFault
Jenkins Test Results Aggregator Plugin vulnerable to Cross Site Request Forgery Moderate
CVE-2023-37955 was published for org.jenkins-ci.plugins:test-results-aggregator (Maven) Jul 12, 2023
CSRF vulnerability in Jenkins Keycloak Authentication Plugin Moderate
CVE-2023-24457 was published for org.jenkins-ci.plugins:keycloak (Maven) Jan 26, 2023
Jenkins Lucene-Search Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2023-30529 was published for org.jenkins-ci.plugins:lucene-search (Maven) Apr 12, 2023
CSRF vulnerability in MongoDB Plugin Moderate
CVE-2020-2268 was published for org.jenkins-ci.plugins:mongodb (Maven) May 24, 2022
NotMyFault
Jenkins Job Import Plugin CSRF vulnerability Moderate
CVE-2019-1003017 was published for org.jenkins-ci.plugins:job-import-plugin (Maven) May 13, 2022
Jenkins JUnit Plugin CSRF vulnerability Moderate
CVE-2018-1000411 was published for org.jenkins-ci.plugins:junit (Maven) May 14, 2022
Jenkins OpenID Plugin CSRF vulnerability Moderate
CVE-2019-1003098 was published for org.jenkins-ci.plugins:openid (Maven) May 13, 2022
CSRF vulnerability in Zephyr Enterprise Test Management Plugin Moderate
CVE-2019-1003084 was published for org.jenkins-ci.plugins:zephyr-enterprise-test-management (Maven) May 13, 2022
Jenkins Fortify on Demand Uploader Plugin CSRF vulnerability Moderate
CVE-2019-1003046 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) May 13, 2022
External Monitor Job Type Plugin does not require POST requests for an HTTP endpoint Moderate
CVE-2022-36886 was published for org.jenkins-ci.plugins:external-monitor-job (Maven) Jul 28, 2022
CSRF vulnerability in Proxmox Plugin Moderate
CVE-2022-28143 was published for org.jenkins-ci.plugins:proxmox (Maven) Mar 30, 2022
CSRF vulnerability in Jenkins Mantis Plugin Moderate
CVE-2019-16569 was published for org.jenkins-ci.plugins:mantis (Maven) May 24, 2022
Cross-site request forgery vulnerability in Jenkins Artifactory Plugin Moderate
CVE-2019-10324 was published for org.jenkins-ci.plugins:artifactory (Maven) May 24, 2022
Jenkins Warnings NG Plugin cross-site request forgery vulnerability Moderate
CVE-2019-10326 was published for io.jenkins.plugins:warnings-ng (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API