GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
143 advisories
Filter by severity
High severity vulnerability that affects io.vertx:vertx-web
High
CVE-2018-12540
was published
for
io.vertx:vertx-web
(Maven)
Oct 17, 2018
OrientDB-Server vulnerable to Cross-Site Request Forgery
High
CVE-2015-2912
was published
for
com.orientechnologies:orientdb-studio
(Maven)
Oct 18, 2018
Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons
High
CVE-2018-20595
was published
for
org.hswebframework.web:hsweb-commons
(Maven)
Jan 4, 2019
Improper Input Validation and Cross-Site Request Forgery in Keycloak
High
CVE-2019-10199
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 23, 2019
Cross-Site Request Forgery in Vert.x-Web framework
High
CVE-2020-35217
was published
for
io.vertx:vertx-web
(Maven)
Apr 22, 2021
Cross-Site Request Forgery in OpenNMS Horizon
High
CVE-2021-25931
was published
for
org.opennms:opennms
(Maven)
May 25, 2021
CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin allows capturing credentials
High
CVE-2021-21652
was published
for
org.jenkins-ci.plugins:xray-connector
(Maven)
Jun 16, 2021
Cryptographically weak CSRF tokens in Apache MyFaces
High
CVE-2021-26296
was published
for
org.apache.myfaces.core:myfaces-core-module
(Maven)
Jun 16, 2021
Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server
High
CVE-2021-39133
was published
for
org.rundeck:rundeck-core
(Maven)
Sep 1, 2021
Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12
High
CVE-2020-28452
was published
for
com.softwaremill.akka-http-session:core_2.12
(Maven)
Jan 6, 2022
Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin
High
CVE-2022-20619
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jan 13, 2022
Cross-Site Request Forgery in xwiki-platform
High
CVE-2021-32732
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Feb 10, 2022
Cross-Site Request Forgery in Magnolia CMS
High
CVE-2021-46366
was published
for
info.magnolia:magnolia-core
(Maven)
Feb 12, 2022
CSRF vulnerability in Jenkins Chef Sinatra Plugin allow XXE
High
CVE-2022-25207
was published
for
org.jenkins-ci.plugins:sinatra-chef-builder
(Maven)
Feb 16, 2022
Cross-Site Request Forgery in Jenkins dbCharts Plugin
High
CVE-2022-25205
was published
for
org.jenkins-ci.plugins:dbCharts
(Maven)
Feb 16, 2022
CSRF vulnerability in Jenkins SCP publisher Plugin
High
CVE-2022-25198
was published
for
org.jenkins-ci.plugins:scp
(Maven)
Feb 16, 2022
CSRF vulnerability in Jenkins autonomiq plugin
High
CVE-2022-25194
was published
for
io.jenkins.plugins:autonomiq
(Maven)
Feb 16, 2022
Cross Site Request Forgery in Apache JSPWiki
High
CVE-2022-24947
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Feb 26, 2022
CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials
High
CVE-2022-27210
was published
for
org.jenkins-ci.plugins:kubernetes-cd
(Maven)
Mar 16, 2022
CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin
High
CVE-2022-27198
was published
for
org.jenkins-ci.plugins:aws-credentials
(Maven)
Mar 16, 2022
Cross-Site Request Forgery in Jenkins P4 Plugin
High
CVE-2021-21655
was published
for
org.jenkins-ci.plugins:p4
(Maven)
Mar 18, 2022
Cross site request forgery in Jenkins Job and Node ownership Plugin
High
CVE-2022-28150
was published
for
com.synopsys.jenkinsci:ownership
(Maven)
Mar 30, 2022
CSRF vulnerability and missing permission check in Jenkins JiraTestResultReporter Plugin
High
CVE-2022-28136
was published
for
org.jenkins-ci.plugins:JiraTestResultReporter
(Maven)
Mar 30, 2022
CSRF vulnerability in Jenkins Publish Over FTP Plugin
High
CVE-2022-29050
was published
for
org.jenkins-ci.plugins:publish-over-ftp
(Maven)
Apr 13, 2022
Selenium Server (Grid) CSRF
High
CVE-2022-28108
was published
for
org.seleniumhq.selenium:selenium-grid
(Maven)
Apr 20, 2022
ProTip!
Advisories are also available from the
GraphQL API