GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
350 advisories
Cross-Site Request Forgery in Anchor CMS
Moderate | CVE-2024-29338 was published for anchorcms/anchor-cms (Composer) | Mar 22, 2024

Duplicate Advisory: Cross-Site Request Forgery in Gradio
Moderate | GHSA-3x9g-xfj5-fq84 was published for gradio (pip) | Mar 21, 2024 | withdrawn

Cross-Site Request Forgery in Apache Wicket
Moderate | CVE-2024-27439 was published for org.apache.wicket:wicket (Maven) | Mar 19, 2024

Jenkins docker-build-step Plugin Cross-Site Request Forgery vulnerability
Moderate | CVE-2024-2215 was published for org.jenkins-ci.plugins:docker-build-step (Maven) | Mar 6, 2024

Jenkins Subversion Partial Release Manager Plugin vulnerable to Cross-Site Request Forgery
Moderate | CVE-2024-28158 was published for org.jenkins-ci.plugins:svn-partial-release-mgr (Maven) | Mar 6, 2024

mongo-express Cross-site Request Forgery vulnerability
Moderate | CVE-2023-52555 was published for mongo-express (npm) | Mar 1, 2024

Possible CSRF attack at questionnaire templates preview
Moderate | CVE-2023-47635 was published for decidim-templates (RubyGems) | Feb 20, 2024

Cross-Site Request Forgery in moodle
Moderate | CVE-2024-25982 was published for moodle/moodle (Composer) | Feb 19, 2024

Grafana Cross Site Request Forgery (CSRF)
Moderate | CVE-2022-21703 was published for github.com/grafana/grafana/pkg/web (Go) | Feb 1, 2024

CSRF vulnerability in Jenkins GitLab Branch Source Plugin
Moderate | CVE-2024-23902 was published for io.jenkins.plugins:gitlab-branch-source (Maven) | Jan 24, 2024

Concrete CMS Cross Site Request Forgery (CSRF)
Moderate | CVE-2023-48652 was published for concrete5/concrete5 (Composer) | Dec 25, 2023

Cross-Site Request Forgery (CSRF) in automad/automad
Moderate | CVE-2023-7038 was published for automad/automad (Composer) | Dec 21, 2023

Apache Airflow Cross-Site Request Forgery vulnerability
Moderate | CVE-2023-49920 was published for apache-airflow (pip) | Dec 21, 2023

Phpsysinfo Cross Site Request Forgery (CSRF) vulnerability
Moderate | CVE-2023-49006 was published for phpsysinfo/phpsysinfo (Composer) | Dec 19, 2023

Cross-site request forgery vulnerability in Jenkins Deployment Dashboard Plugin
Moderate | CVE-2023-50775 was published for org.jenkins-ci.plugins:ec2-deployment-dashboard (Maven) | Dec 13, 2023

Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability
Moderate | CVE-2023-50768 was published for org.sonatype.nexus.ci:nexus-jenkins-plugin (Maven) | Dec 13, 2023

Cross-Site Request Forgery in Jenkins PaaSLane Estimate Plugin
Moderate | CVE-2023-50778 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) | Dec 13, 2023

Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability
Moderate | CVE-2023-49673 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) | Nov 29, 2023

NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability
Moderate | CVE-2023-45884 was published for openmct (npm) | Nov 9, 2023

Axios Cross-Site Request Forgery Vulnerability
Moderate | CVE-2023-45857 was published for axios (npm) | Nov 8, 2023

baserCMS CSRF vulnerability in Content preview Feature
Moderate | CVE-2023-43649 was published for baserproject/basercms (Composer) | Oct 26, 2023

modoboa Cross-Site Request Forgery vulnerability
Moderate | CVE-2023-5690 was published for modoboa (pip) | Oct 20, 2023

Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability
Moderate | CVE-2023-43500 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) | Sep 20, 2023

Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability
Moderate | CVE-2023-43502 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) | Sep 20, 2023

CSRF vulnerability in Jenkins Ivy Plugin
Moderate | CVE-2023-41938 was published for org.jenkins-ci.plugins:ivy (Maven) | Sep 6, 2023