GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

344 advisories

Cross-site request forgery vulnerability in Jenkins OpenID Plugin High
CVE-2023-24446 was published for org.jenkins-ci.plugins:openid (Maven) Jan 26, 2023
CSRF vulnerability in Jenkins Orka Plugin allow capturing credentials High
CVE-2023-24432 was published for io.jenkins.plugins:macstadium-orka (Maven) Jan 26, 2023
Cross-site request forgery vulnerability in Jenkins BearyChat Plugin High
CVE-2023-24458 was published for org.jenkins-ci.plugins:bearychat (Maven) Jan 26, 2023
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints High
CVE-2022-43719 was published for apache-superset (pip) Jan 16, 2023
usememos/memos Cross-Site Request Forgery vulnerability High
CVE-2022-4844 was published for github.com/usememos/memos (Go) Dec 29, 2022
Golf may allow attacker to bypass CSRF protections due to weak PRNG High
CVE-2016-15005 was published for github.com/dinever/golf (Go) Dec 28, 2022
destiny.gg chat vulnerable to cross-site request forgery High
CVE-2020-36625 was published for github.com/destinygg/chat (Go) Dec 22, 2022
rdiffweb vulnerable to Cross-Site Request Forgery High
CVE-2022-4646 was published for rdiffweb (pip) Dec 22, 2022
ThinkCMF Cross Site Request Forgery (CSRF) vulnerability High
CVE-2022-40489 was published for thinkcmf/thinkcmf (Composer) Dec 1, 2022
Cross-Site Request Forgery (CSRF) allowing to delete or rename tags High
CVE-2022-41927 was published for org.xwiki.platform:xwiki-platform-tag-ui (Maven) Nov 21, 2022
Concrete CMS vulnerable to Cross-site Request Forgery High
CVE-2022-43693 was published for concrete5/concrete5 (Composer) Nov 14, 2022
Duplicate Advisory: Cross-Site Request Forgery in easyii CMS High
CVE-2022-3772 was published for noumo/easyii (Composer) Oct 31, 2022 withdrawn
CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step Plugin High
CVE-2022-43407 was published for org.jenkins-ci.plugins:pipeline-input-step (Maven) Oct 19, 2022
Credited to NotMyFault
Jenkins Pipeline: Stage View Plugin allows CSRF protection bypass of any target URL in Jenkins High
CVE-2022-43408 was published for org.jenkins-ci.plugins.pipeline-stage-view:pipeline-stage-view (Maven) Oct 19, 2022
Moodle Cross-Site Request Forgery (CSRF) High
CVE-2022-2986 was published for moodle/moodle (Composer) Oct 6, 2022
rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed High
CVE-2022-3274 was published for rdiffweb (pip) Sep 23, 2022
Jenkins build-publisher plugin vulnerable to cross-site request forgery High
CVE-2022-41232 was published for org.jenkins-ci.plugins:build-publisher (Maven) Sep 22, 2022
Credited to NotMyFault
NodeBB account takeover via SSO plugins High
CVE-2022-36076 was published for nodebb (npm) Sep 16, 2022
rdiffweb CSRF vulnerability in profile's SSH keys can lead to unauthorized access High
CVE-2022-3221 was published for rdiffweb (pip) Sep 16, 2022
Apache JSPWiki CSRF due to crafted invocation on the Image plugin High
CVE-2022-34158 was published for org.apache.jspwiki:jspwiki-main (Maven) Aug 5, 2022
Jenkins Coverity Plugin vulnerable to cross-site request forgery (CSRF) High
CVE-2022-36920 was published for org.jenkins-ci.plugins:coverity (Maven) Jul 28, 2022
Credited to NotMyFault
Togglz console missing cross-site request forgery (CSRF) protection High
CVE-2020-28191 was published for org.togglz:togglz-console (Maven) Jul 15, 2022
Cross-Site Request Forgery in Jenkins Recipe Plugin High
CVE-2022-34792 was published for org.jenkins-ci.plugins:recipe (Maven) Jul 1, 2022
Credited to NotMyFault
Cross-Site Request Forgery in Elefant CMS High
CVE-2017-20062 was published for elefant/cms (Composer) Jun 21, 2022
Cross Site Request Forgery in Mingsoft MCMS High
CVE-2022-29647 was published for net.mingsoft:ms-mcms (Maven) Jun 3, 2022