Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,050
Erlang
29
GitHub Actions
19
Go
1,876
Maven
5,000+
npm
3,602
NuGet
638
pip
3,199
Pub
10
RubyGems
852
Rust
813
Swift
35
Unreviewed advisories
All unreviewed
5,000+

333 advisories

Cross-site scripting in Swagger-UI Critical
CVE-2019-17495 was published for io.springfox:springfox-swagger-ui (Maven) Oct 15, 2019
mustafanaa
Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability Moderate
CVE-2023-49673 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Nov 29, 2023
secjoker
CSRF vulnerability in Jenkins Nomad Plugin allow SSRF Moderate
CVE-2019-10292 was published for org.jenkins-ci.plugins:kmap-jenkins (Maven) May 13, 2022
Cross-Site Request Forgery in Apache Wicket Moderate
CVE-2024-27439 was published for org.apache.wicket:wicket (Maven) Mar 19, 2024
Apache Zeppelin CSRF vulnerability in the Credentials page Moderate
CVE-2021-28656 was published for org.apache.zeppelin:zeppelin-web (Maven) Apr 9, 2024
Jenkins docker-build-step Plugin Cross-Site Request Forgery vulnerability Moderate
CVE-2024-2215 was published for org.jenkins-ci.plugins:docker-build-step (Maven) Mar 6, 2024
Jenkins Subversion Partial Release Manager Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-28158 was published for org.jenkins-ci.plugins:svn-partial-release-mgr (Maven) Mar 6, 2024
BlazeMeter Jenkins plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-3825 was published for com.blazemeter.plugins:BlazeMeterJenkinsPlugin (Maven) Apr 17, 2024
High severity vulnerability that affects io.vertx:vertx-web High
CVE-2018-12540 was published for io.vertx:vertx-web (Maven) Oct 17, 2018
MarkLee131
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3 Moderate
CVE-2017-12631 was published for org.apache.cxf.fediz:fediz-spring (Maven) Oct 18, 2018
MarkLee131
XWiki Platform CSRF remote code execution through the realtime HTML Converter API Critical
CVE-2024-31988 was published for org.xwiki.platform:xwiki-platform-realtime-ui (Maven) Apr 10, 2024
XWiki Platform CSRF remote code execution through scheduler job's document reference Critical
CVE-2024-31986 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Apr 10, 2024
XWiki Platform CSRF in the job scheduler Moderate
CVE-2024-31985 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Apr 10, 2024
CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux Moderate
CVE-2020-5397 was published for org.springframework:spring-webflux (Maven) Jan 21, 2020
sunSUNQ
Cross-Site Request Forgery in Jenkins High
CVE-2020-2160 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault sunSUNQ
Cross-Site Request Forgery in Jenkins High
CVE-2017-1000504 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
sunSUNQ
Cloud Foundry vulnerable to Cross-Site Request Forgery Critical
CVE-2016-6637 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cloud Foundry Runtime Cross-Site Request Forgery vulnerability High
CVE-2015-5170 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cross-Site Request Forgery in Spring Framework Moderate
CVE-2014-0054 was published for org.springframework:spring-webmvc (Maven) May 13, 2022
sunSUNQ
Cross-Site Request Forgery in Spring Framework Moderate
CVE-2013-6429 was published for org.springframework:spring-web (Maven) May 13, 2022
sunSUNQ
Cross-Site Request Forgery in Spring Framework Moderate
CVE-2013-4152 was published for org.springframework:spring-oxm (Maven) May 13, 2022
sunSUNQ
Apache Geronimo Application Server CSRF vulnerabilities Moderate
CVE-2009-0039 was published for org.apache.geronimo.plugins:console (Maven) May 2, 2022
westonsteimel MarkLee131
CSRF vulnerability in Jenkins GitLab Branch Source Plugin Moderate
CVE-2024-23902 was published for io.jenkins.plugins:gitlab-branch-source (Maven) Jan 24, 2024
CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin Moderate
CVE-2023-41942 was published for org.jenkins-ci.plugins:aws-codecommit-trigger (Maven) Sep 6, 2023
Cross-site request forgery vulnerability in Jenkins XL TestView Plugin High
CVE-2019-10386 was published for com.xebialabs.xlt.ci:xltestview-plugin (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API