Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,342
Erlang
31
GitHub Actions
22
Go
2,106
Maven
5,000+
npm
3,764
NuGet
679
pip
3,451
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

319 advisories

Loading
Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery High
CVE-2023-28676 was published for org.jenkins-ci.plugins:convert-to-pipeline (Maven) Apr 2, 2023
Moodle vulnerable to Cross-site Request Forgery High
CVE-2023-28335 was published for moodle/moodle (Composer) Mar 23, 2023
Missing proper state, nonce and PKCE checks for OAuth authentication High
CVE-2023-27490 was published for next-auth (npm) Mar 13, 2023
FINDarkside
Froxlor Cross-Site Request Forgery vulnerability High
CVE-2023-1033 was published for froxlor/froxlor (Composer) Feb 25, 2023
Cross-Site Request Forgery in Jenkins Azure Credentials Plugin High
CVE-2023-25767 was published for org.jenkins-ci.plugins:azure-credentials (Maven) Feb 15, 2023
CSRF vulnerability in Jenkins Orka Plugin allow capturing credentials High
CVE-2023-24432 was published for io.jenkins.plugins:macstadium-orka (Maven) Jan 26, 2023
CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin High
CVE-2023-24434 was published for org.jenkins-ci.plugins:ghprb (Maven) Jan 26, 2023
CSRF vulnerability in Jenkins TestQuality Updater Plugin High
CVE-2023-24452 was published for org.jenkins-ci.plugins:testquality-updater (Maven) Jan 26, 2023
Cross-site request forgery vulnerability in Jenkins RabbitMQ Consumer Plugin High
CVE-2023-24447 was published for org.jenkins-ci.plugins:rabbitmq-consumer (Maven) Jan 26, 2023
Cross-site request forgery vulnerability in Jenkins OpenID Plugin High
CVE-2023-24446 was published for org.jenkins-ci.plugins:openid (Maven) Jan 26, 2023
Cross-site request forgery vulnerability in Jenkins BearyChat Plugin High
CVE-2023-24458 was published for org.jenkins-ci.plugins:bearychat (Maven) Jan 26, 2023
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints High
CVE-2022-43719 was published for apache-superset (pip) Jan 16, 2023
usememos/memos Cross-Site Request Forgery vulnerability High
CVE-2022-4844 was published for github.com/usememos/memos (Go) Dec 29, 2022
Golf may allow attacker to bypass CSRF protections due to weak PRNG High
CVE-2016-15005 was published for github.com/dinever/golf (Go) Dec 28, 2022
destiny.gg chat vulnerable to cross-site request forgery High
CVE-2020-36625 was published for github.com/destinygg/chat (Go) Dec 22, 2022
rdiffweb vulnerable to Cross-Site Request Forgery High
CVE-2022-4646 was published for rdiffweb (pip) Dec 22, 2022
ThinkCMF Cross Site Request Forgery (CSRF) vulnerability High
CVE-2022-40489 was published for thinkcmf/thinkcmf (Composer) Dec 1, 2022
Cross-Site Request Forgery (CSRF) allowing to delete or rename tags High
CVE-2022-41927 was published for org.xwiki.platform:xwiki-platform-tag-ui (Maven) Nov 21, 2022
Concrete CMS vulnerable to Cross-site Request Forgery High
CVE-2022-43693 was published for concrete5/concrete5 (Composer) Nov 14, 2022
Duplicate Advisory: Cross-Site Request Forgery in easyii CMS High
CVE-2022-3772 was published for noumo/easyii (Composer) Oct 31, 2022 withdrawn
Jenkins Pipeline: Stage View Plugin allows CSRF protection bypass of any target URL in Jenkins High
CVE-2022-43408 was published for org.jenkins-ci.plugins.pipeline-stage-view:pipeline-stage-view (Maven) Oct 19, 2022
Moodle Cross-Site Request Forgery (CSRF) High
CVE-2022-2986 was published for moodle/moodle (Composer) Oct 6, 2022
rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed High
CVE-2022-3274 was published for rdiffweb (pip) Sep 23, 2022
Jenkins build-publisher plugin vulnerable to cross-site request forgery High
CVE-2022-41232 was published for org.jenkins-ci.plugins:build-publisher (Maven) Sep 22, 2022
NotMyFault
NodeBB account takeover via SSO plugins High
CVE-2022-36076 was published for nodebb (npm) Sep 16, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database