Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,761
Maven
5,000+
npm
4,368
NuGet
767
pip
4,137
Pub
12
RubyGems
962
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

160 advisories

Loading
Cross-Site Request Forgery in JFinalCMS via the component /admin/friend_link/save High
CVE-2023-49379 was published for com.jfinal:jfinal (Maven) Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS High
CVE-2023-49372 was published for com.jfinal:jfinal (Maven) Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/form/save High
CVE-2023-49378 was published for com.jfinal:jfinal (Maven) Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/tag/update High
CVE-2023-49377 was published for com.jfinal:jfinal (Maven) Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/delete High
CVE-2023-49380 was published for com.jfinal:jfinal (Maven) Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS High
CVE-2023-49373 was published for com.jfinal:jfinal (Maven) Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/slide/update High
CVE-2023-49374 was published for com.jfinal:jfinal (Maven) Dec 5, 2023
Jenkins MATLAB Plugin cross-site request forgery vulnerability High
CVE-2023-49655 was published for org.jenkins-ci.plugins:matlab (Maven) Nov 29, 2023
Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries High
CVE-2023-48293 was published for org.xwiki.contrib:xwiki-application-admintools (Maven) Nov 20, 2023
XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action High
CVE-2023-40572 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Aug 23, 2023
Jenkins Folders Plugin cross-site request forgery vulnerability High
CVE-2023-40336 was published for org.jenkins-ci.plugins:cloudbees-folder (Maven) Aug 16, 2023
xuxueli xxl-job Cross-Site Request Forgery Vulnerability High
CVE-2020-24922 was published for com.xuxueli:xxl-job (Maven) Aug 11, 2023
Jenkins Benchmark Evaluator Plugin vulnerable to cross-site request forgery High
CVE-2023-37962 was published for io.jenkins.plugins:benchmark-evaluator (Maven) Jul 12, 2023
Jenkins Sumologic Publisher Plugin vulnerable to cross-site request forgery High
CVE-2023-37958 was published for org.jenkins-ci.plugins:sumologic-publisher (Maven) Jul 12, 2023
Jenkins Assembla Auth Plugin vulnerable to cross-site request forgery High
CVE-2023-37961 was published for org.jenkins-ci.plugins:assembla-auth (Maven) Jul 12, 2023
Jenkins ElasticBox CI Plugin vulnerable to cross-site request forgery High
CVE-2023-37964 was published for org.jenkins-ci.plugins:elasticbox (Maven) Jul 12, 2023
Jenkins Pipeline restFul API Plugin vulnerable to Cross Site Request Forgery High
CVE-2023-37957 was published for io.jenkins.plugins:pipeline-restful-api (Maven) Jul 12, 2023
Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module High
CVE-2023-35030 was published for com.liferay.portal:release.dxp.bom (Maven) Jun 15, 2023
Jenkins CSRF protection bypass vulnerability High
CVE-2023-35141 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 14, 2023
Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability High
CVE-2023-32991 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023
Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery High
CVE-2023-28676 was published for org.jenkins-ci.plugins:convert-to-pipeline (Maven) Apr 2, 2023
Cross-Site Request Forgery in Jenkins Azure Credentials Plugin High
CVE-2023-25767 was published for org.jenkins-ci.plugins:azure-credentials (Maven) Feb 15, 2023
CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin High
CVE-2023-24434 was published for org.jenkins-ci.plugins:ghprb (Maven) Jan 26, 2023
CSRF vulnerability in Jenkins TestQuality Updater Plugin High
CVE-2023-24452 was published for org.jenkins-ci.plugins:testquality-updater (Maven) Jan 26, 2023
Cross-site request forgery vulnerability in Jenkins RabbitMQ Consumer Plugin High
CVE-2023-24447 was published for org.jenkins-ci.plugins:rabbitmq-consumer (Maven) Jan 26, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database