GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
359 advisories
Jenkins Digital.ai App Management Publisher Plugin vulnerable to Cross-Site Request Forgery
Moderate
CVE-2023-35148 was published for org.jenkins-ci.plugins:ease-plugin (Maven) Jun 14, 2023
Jenkins Code Dx Plugin cross-site request forgery vulnerability
Moderate
CVE-2023-2195 was published for org.jenkins-ci.plugins:codedx (Maven) May 16, 2023
Jenkins Reverse Proxy Auth Plugin cross-site request forgery vulnerability
Moderate
CVE-2023-32987 was published for org.jenkins-ci.plugins:reverse-proxy-auth-plugin (Maven) May 16, 2023
Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability
Moderate
CVE-2023-32995 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023
Jenkins Azure VM Agents Plugin Cross-site Request Forgery vulnerability
Moderate
CVE-2023-32989 was published for org.jenkins-ci.plugins:azure-vm-agents (Maven) May 16, 2023
Jenkins Email Extension Plugin Cross-Site Request Forgery vulnerability
Moderate
CVE-2023-32980 was published for org.jenkins-ci.plugins:email-ext (Maven) May 16, 2023
Jenkins Tag Profiler Plugin vulnerable to Cross-Site Request Forgery
Moderate
CVE-2023-33003 was published for org.jenkins-ci.plugins:tag-profiler (Maven) May 16, 2023
Jenkins WSO2 Oauth Plugin cross-site request forgery vulnerability
Moderate
CVE-2023-33006 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 16, 2023
Jenkins LDAP Plugin vulnerable to Cross-Site Request Forgery
Moderate
CVE-2023-32978 was published for org.jenkins-ci.plugins:ldap (Maven) May 16, 2023
Jenkins AppSpider Plugin Cross-Site Request Forgery vulnerability
Moderate
CVE-2023-32998 was published for com.rapid7:jenkinsci-appspider-plugin (Maven) May 16, 2023
@builder.io/qwik-city Cross-Site Request Forgery vulnerability
Moderate
CVE-2023-2307 was published for @builder.io/qwik-city (npm) Apr 26, 2023
CSRF token fixation in fastify-passport
Moderate
CVE-2023-29020 was published for @fastify/passport (npm) Apr 21, 2023
Bypass of CSRF protection in the presence of predictable userInfo
Moderate
CVE-2023-27495 was published for @fastify/csrf-protection (npm) Apr 20, 2023
Jenkins Lucene-Search Plugin vulnerable to Cross-Site Request Forgery
Moderate
CVE-2023-30529 was published for org.jenkins-ci.plugins:lucene-search (Maven) Apr 12, 2023
Jenkins Report Portal Plugin Cross-Site Request Forgery vulnerability
Moderate
CVE-2023-30525 was published for org.jenkins-ci.plugins:reportportal (Maven) Apr 12, 2023
Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery
Moderate
CVE-2023-28671 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery
Moderate
CVE-2023-28674 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
OpenNMS Meridian and Horizon vulnerable to Cross-Site Request Forgery
Moderate
CVE-2023-0870 was published for org.opennms:opennms-webapp (Maven) Mar 22, 2023
Possible CSRF token fixation
Moderate
CVE-2023-25170 was published for prestashop/prestashop (Composer) Mar 13, 2023
apollo-portal has potential CSRF issue
Moderate
CVE-2023-25569 was published for com.ctrip.framework.apollo:apollo (Maven) Feb 22, 2023
Cross-Site Request Forgery (CSRF) in wallabag/wallabag
Moderate
CVE-2023-0735 was published for wallabag/wallabag (Composer) Feb 8, 2023
Cross-Site Request Forgery in XXL Job
Moderate
CVE-2023-0674 was published for com.xuxueli:xxl-job (Maven) Feb 4, 2023
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2
Moderate
CVE-2023-25015 was published for clockwork_web (RubyGems) Feb 2, 2023
Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin
Moderate
CVE-2023-24437 was published for org.jenkins-ci.plugins:jira-steps (Maven) Jan 26, 2023
Cross-site request forgery vulnerability in Jenkins Bitbucket OAuth Plugin
Moderate
CVE-2023-24428 was published for org.jenkins-ci.plugins:bitbucket-oauth (Maven) Jan 26, 2023