GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

319 advisories

Jenkins MATLAB Plugin cross-site request forgery vulnerability High
CVE-2023-49655 was published for org.jenkins-ci.plugins:matlab (Maven) Nov 29, 2023
Cross Site Request Forgery in SwiftyEdit High
CVE-2023-47350 was published for swiftyedit/swiftyedit (Composer) Nov 22, 2023
Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries High
CVE-2023-48293 was published for org.xwiki.contrib:xwiki-application-admintools (Maven) Nov 20, 2023
Cross-Site Request Forgery vulnerability in Prefect High
CVE-2023-6022 was published for prefect (pip) Nov 16, 2023
zangell44 bunchesofdonald
Go Fiber CSRF Token Validation Vulnerability High
CVE-2023-45141 was published for github.com/gofiber/fiber/v2 (Go) Oct 17, 2023
sixcolors ReneWerner87
gaby rosenblueh
Cross-Site Request Forgery (CSRF) in snipe/snipe-it High
CVE-2023-5511 was published for snipe/snipe-it (Composer) Oct 11, 2023
Cross-Site Request Forgery (CSRF) in usememos/memos High
CVE-2023-5036 was published for github.com/usememos/memos (Go) Sep 18, 2023
XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action High
CVE-2023-40572 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Aug 23, 2023
Jenkins Folders Plugin cross-site request forgery vulnerability High
CVE-2023-40336 was published for org.jenkins-ci.plugins:cloudbees-folder (Maven) Aug 16, 2023
xuxueli xxl-job Cross-Site Request Forgery Vulnerability High
CVE-2020-24922 was published for com.xuxueli:xxl-job (Maven) Aug 11, 2023
wger Workout Manager Cross-Site Request Forgery vulnerability High
CVE-2023-38759 was published for wger (pip) Aug 8, 2023
Cockpit CMS Cross-Site Request Forgery vulnerability High
CVE-2023-37650 was published for cockpit-hq/cockpit (Composer) Jul 20, 2023
Jenkins Assembla Auth Plugin vulnerable to cross-site request forgery High
CVE-2023-37961 was published for org.jenkins-ci.plugins:assembla-auth (Maven) Jul 12, 2023
Jenkins Benchmark Evaluator Plugin vulnerable to cross-site request forgery High
CVE-2023-37962 was published for io.jenkins.plugins:benchmark-evaluator (Maven) Jul 12, 2023
Jenkins ElasticBox CI Plugin vulnerable to cross-site request forgery High
CVE-2023-37964 was published for org.jenkins-ci.plugins:elasticbox (Maven) Jul 12, 2023
Jenkins Sumologic Publisher Plugin vulnerable to cross-site request forgery High
CVE-2023-37958 was published for org.jenkins-ci.plugins:sumologic-publisher (Maven) Jul 12, 2023
Jenkins Pipeline restFul API Plugin vulnerable to Cross Site Request Forgery High
CVE-2023-37957 was published for io.jenkins.plugins:pipeline-restful-api (Maven) Jul 12, 2023
@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state High
CVE-2023-31999 was published for @fastify/oauth2 (npm) Jul 5, 2023
erezarnon panva
mcollina marco-ippolito
GilaCMS Cross Site Request Forgery vulnerability High
CVE-2020-20726 was published for gilacms/gila (Composer) Jun 20, 2023
Jenkins CSRF protection bypass vulnerability High
CVE-2023-35141 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 14, 2023
Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability High
CVE-2023-32991 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023
modoboa vulnerable to Cross-Site Request Forgery High
CVE-2023-2228 was published for modoboa (pip) Apr 21, 2023
SvelteKit framework has Insufficient CSRF protection for CORS requests High
CVE-2023-29008 was published for @sveltejs/kit (npm) Apr 7, 2023
Ry0taK benmccann
dominikg Conduitry
SvelteKit vulnerable to Cross-Site Request Forgery High
CVE-2023-29003 was published for @sveltejs/kit (npm) Apr 4, 2023
v1ktor0t benmccann
Conduitry eltigerchino dominikg
Phachon mm-wiki Cross Site Request Forgery vulnerability High
CVE-2020-19278 was published for github.com/phachon/mm-wiki (Go) Apr 4, 2023