GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
177 advisories
Cross-Site Request Forgery in Jenkins Mailer Plugin
Moderate. CVE-2022-20613 was published for org.jenkins-ci.plugins:mailer (Maven) on Jan 13, 2022.

Cross-Site Request Forgery in Apache Struts
Moderate. CVE-2014-7809 was published for org.apache.struts:struts2-core (Maven) on May 14, 2022.

CSRF vulnerability and missing permission checks in Jenkins Extended Choice Parameter Plugin allow SSRF
Moderate. CVE-2022-27204 was published for org.jenkins-ci.plugins:extended-choice-parameter (Maven) on Mar 16, 2022.

Cross-Site Request Forgery in Jenkins
Moderate. CVE-2022-20612 was published for org.jenkins-ci.main:jenkins-core (Maven) on Jan 21, 2022.

Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability
Moderate. CVE-2023-43502 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) on Sep 20, 2023.

Cross-site request forgery in Jenkins Gerrit Trigger Plugin
Moderate. CVE-2023-24423 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) on Jan 26, 2023.

Jenkins LDAP Plugin vulnerable to Cross-Site Request Forgery
Moderate. CVE-2023-32978 was published for org.jenkins-ci.plugins:ldap (Maven) on May 16, 2023.

Jenkins Code Dx Plugin cross-site request forgery vulnerability
Moderate. CVE-2023-2195 was published for org.jenkins-ci.plugins:codedx (Maven) on May 16, 2023.

Jenkins Job Configuration History Plugin does not require POST requests for several HTTP endpoints
Moderate. CVE-2022-36887 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) on Jul 28, 2022.

Jenkins Sonar Gerrit Plugin vulnerable to Cross-Site Request Forgery
Moderate. CVE-2022-46688 was published for org.jenkins-ci.plugins:sonar-gerrit (Maven) on Dec 12, 2022.

Lack of authentication mechanism in Jenkins Git Plugin webhook
Moderate. CVE-2022-36882 was published for org.jenkins-ci.plugins:git (Maven) on Jul 28, 2022.

Jenkins Test Results Aggregator Plugin vulnerable to Cross Site Request Forgery
Moderate. CVE-2023-37955 was published for org.jenkins-ci.plugins:test-results-aggregator (Maven) on Jul 12, 2023.

CSRF vulnerability in Jenkins Keycloak Authentication Plugin
Moderate. CVE-2023-24457 was published for org.jenkins-ci.plugins:keycloak (Maven) on Jan 26, 2023.

Jenkins Lucene-Search Plugin vulnerable to Cross-Site Request Forgery
Moderate. CVE-2023-30529 was published for org.jenkins-ci.plugins:lucene-search (Maven) on Apr 12, 2023.

CSRF vulnerability in MongoDB Plugin
Moderate. CVE-2020-2268 was published for org.jenkins-ci.plugins:mongodb (Maven) on May 24, 2022.

Jenkins Job Import Plugin CSRF vulnerability
Moderate. CVE-2019-1003017 was published for org.jenkins-ci.plugins:job-import-plugin (Maven) on May 13, 2022.

Jenkins JUnit Plugin CSRF vulnerability
Moderate. CVE-2018-1000411 was published for org.jenkins-ci.plugins:junit (Maven) on May 14, 2022.

Jenkins OpenID Plugin CSRF vulnerability
Moderate. CVE-2019-1003098 was published for org.jenkins-ci.plugins:openid (Maven) on May 13, 2022.

CSRF vulnerability in Zephyr Enterprise Test Management Plugin
Moderate. CVE-2019-1003084 was published for org.jenkins-ci.plugins:zephyr-enterprise-test-management (Maven) on May 13, 2022.

Jenkins Fortify on Demand Uploader Plugin CSRF vulnerability
Moderate. CVE-2019-1003046 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) on May 13, 2022.

External Monitor Job Type Plugin does not require POST requests for an HTTP endpoint
Moderate. CVE-2022-36886 was published for org.jenkins-ci.plugins:external-monitor-job (Maven) on Jul 28, 2022.

CSRF vulnerability in Proxmox Plugin
Moderate. CVE-2022-28143 was published for org.jenkins-ci.plugins:proxmox (Maven) on Mar 30, 2022.

CSRF vulnerability in Jenkins Mantis Plugin
Moderate. CVE-2019-16569 was published for org.jenkins-ci.plugins:mantis (Maven) on May 24, 2022.

Cross-site request forgery vulnerability in Jenkins Artifactory Plugin
Moderate. CVE-2019-10324 was published for org.jenkins-ci.plugins:artifactory (Maven) on May 24, 2022.

Jenkins Warnings NG Plugin cross-site request forgery vulnerability
Moderate. CVE-2019-10326 was published for io.jenkins.plugins:warnings-ng (Maven) on May 24, 2022.