GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
319 advisories
rdiffweb CSRF vulnerability in profile's SSH keys can lead to unauthorized access
High severity. CVE-2022-3221 was published for rdiffweb (pip) on Sep 16, 2022.
Apache JSPWiki CSRF due to crafted invocation on the Image plugin
High severity. CVE-2022-34158 was published for org.apache.jspwiki:jspwiki-main (Maven) on Aug 5, 2022.
Jenkins Coverity Plugin vulnerable to cross-site request forgery (CSRF)
High severity. CVE-2022-36920 was published for org.jenkins-ci.plugins:coverity (Maven) on Jul 28, 2022.
Togglz console missing cross-site request forgery (CSRF) protection
High severity. CVE-2020-28191 was published for org.togglz:togglz-console (Maven) on Jul 15, 2022.
Cross-Site Request Forgery in Jenkins Recipe Plugin
High severity. CVE-2022-34792 was published for org.jenkins-ci.plugins:recipe (Maven) on Jul 1, 2022.
Cross-Site Request Forgery in Elefant CMS
High severity. CVE-2017-20062 was published for elefant/cms (Composer) on Jun 21, 2022.
Cross Site Request Forgery in Mingsoft MCMS
High severity. CVE-2022-29647 was published for net.mingsoft:ms-mcms (Maven) on Jun 3, 2022.
Moodle contains CSRF vulnerability
High severity. CVE-2021-43559 was published for moodle/moodle (Composer) on May 24, 2022.
Jenkins SAML Plugin allows bypassing CSRF protection for any URL
High severity. CVE-2021-21678 was published for org.jenkins-ci.plugins:saml (Maven) on May 24, 2022.
Jenkins Azure AD Plugin allows bypassing CSRF protection for any URL
High severity. CVE-2021-21679 was published for org.jenkins-ci.plugins:azure-ad (Maven) on May 24, 2022.
Cross-Site Request Forgery in OWASP CSRFGuard
High severity. CVE-2021-28490 was published for org.owasp:csrfguard (Maven) on May 24, 2022.
Drupal Core Cross-Site Request Forgery (CSRF) vulnerability
High severity. CVE-2020-13663 was published for drupal/core (Composer) on May 24, 2022.
CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials
High severity. CVE-2021-21665 was published for com.xebialabs.deployit.ci:deployit-plugin (Maven) on May 24, 2022.
CSRF vulnerability in Jenkins Team Foundation Server Plugin allow capturing credentials
High severity. CVE-2021-21638 was published for org.jenkins-ci.plugins:tfs (Maven) on May 24, 2022.
CSRF vulnerability and in Jenkins OWASP Dependency-Track Plugin allow capturing credentials
High severity. CVE-2021-21633 was published for org.jenkins-ci.plugins:dependency-track (Maven) on May 24, 2022.
CSRF vulnerability in Jenkins Build With Parameters Plugin
High severity. CVE-2021-21629 was published for org.jenkins-ci.plugins:build-with-parameters (Maven) on May 24, 2022.
CSRF vulnerability in Jenkins Libvirt Agents Plugin
High severity. CVE-2021-21627 was published for org.jenkins-ci.plugins:libvirt-slave (Maven) on May 24, 2022.
Grav CMS Cross-Site Request Forgery (CSRF)
High severity. CVE-2020-29553 was published for getgrav/grav (Composer) on May 24, 2022.
CSRF vulnerability in Jenkins Configuration Slicing Plugin
High severity. CVE-2021-21617 was published for org.jenkins-ci.plugins:configurationslicing (Maven) on May 24, 2022.
CakePHP allows method override parameters to bypass CSRF checks
High severity. CVE-2020-35239 was published for cakephp/cakephp (Composer) on May 24, 2022.
CSRF vulnerability in Jenkins Shelve Project Plugin
High severity. CVE-2020-2321 was published for org.jenkins-ci.plugins:shelve-project-plugin (Maven) on May 24, 2022.
Subrion CMS CSRF Vulnerability
High severity. CVE-2019-7357 was published for intelliants/subrion (Composer) on May 24, 2022.
PyroCMS Vulnerable to CSRF
High severity. CVE-2020-25263 was published for pyrocms/pyrocms (Composer) on May 24, 2022.
CSRF vulnerability in Jenkins warnings Plugin allows remote code execution
High severity. CVE-2020-2280 was published for org.jvnet.hudson.plugins:warnings (Maven) on May 24, 2022.
CSRF vulnerability in Jenkins Database Plugin
High severity. CVE-2020-2240 was published for org.jenkins-ci.plugins:database (Maven) on May 24, 2022.
ProTip! Advisories are also available from the GraphQL API.