GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,765
Maven
4,990
npm
3,536
NuGet
616
pip
3,105
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
299 advisories
Filter by severity
Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability
High
CVE-2018-1000153
was published
for
org.jenkins-ci.plugins:vsphere-cloud
(Maven)
May 14, 2022
Jenkins Poll SCM Plugin vulnerable to Cross-Site Request Forgery
High
CVE-2017-1000093
was published
for
org.jenkins-ci.plugins:pollscm
(Maven)
May 17, 2022
CSRF issue on preview pages in Bolt CMS
High
CVE-2020-4040
was published
for
bolt/bolt
(Composer)
Jun 9, 2020
Cross-Site Request Forgery in Jenkins Recipe Plugin
High
CVE-2022-34792
was published
for
org.jenkins-ci.plugins:recipe
(Maven)
Jul 1, 2022
Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection
High
CVE-2020-2196
was published
for
org.jenkins-ci.plugins:selenium
(Maven)
May 24, 2022
IPython vulnerable to cross site request forgery (CSRF)
High
CVE-2015-5607
was published
for
ipython
(pip)
May 17, 2022
Concrete CMS vulnerable to Cross-site Request Forgery
High
CVE-2022-43693
was published
for
concrete5/concrete5
(Composer)
Nov 14, 2022
Jenkins Coverity Plugin vulnerable to cross-site request forgery (CSRF)
High
CVE-2022-36920
was published
for
org.jenkins-ci.plugins:coverity
(Maven)
Jul 28, 2022
CSRF vulnerability in Jenkins Sounds Plugin allow OS command execution
High
CVE-2020-2098
was published
for
org.jenkins-ci.plugins:sounds
(Maven)
May 24, 2022
Malfunction of CSRF token validation in Shopware
High
CVE-2022-24879
was published
for
shopware/shopware
(Composer)
Apr 28, 2022
CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter
High
CVE-2015-8379
was published
for
cakephp/cakephp
(Composer)
May 14, 2022
CakePHP allows method override parameters to bypass CSRF checks
High
CVE-2020-35239
was published
for
cakephp/cakephp
(Composer)
May 24, 2022
Apache JSPWiki CSRF due to crafted invocation on the Image plugin
High
CVE-2022-34158
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Aug 5, 2022
Jenkins build-publisher plugin vulnerable to cross-site request forgery
High
CVE-2022-41232
was published
for
org.jenkins-ci.plugins:build-publisher
(Maven)
Sep 22, 2022
rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed
High
CVE-2022-3274
was published
for
rdiffweb
(pip)
Sep 23, 2022
Cross-Site Request Forgery in MicroPyramid Django CRM
High
CVE-2019-11457
was published
for
django-crm
(pip)
Sep 11, 2019
Improper Input Validation and Cross-Site Request Forgery in Keycloak
High
CVE-2019-10199
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 23, 2019
Observable Timing Discrepancy in OpenMage LTS
High
CVE-2020-15151
was published
for
openmage/magento-lts
(Composer)
Aug 19, 2020
Cross-Site Request Forgery in Jenkins Alauda Kubernetes Suport Plugin
High
CVE-2019-16575
was published
for
io.alauda.jenkins.plugins:alauda-kubernetes-support
(Maven)
May 24, 2022
CSRF can expose users authentication token
High
CVE-2021-21241
was published
for
Flask-Security-Too
(pip)
Jan 11, 2021
Cross-Site Request Forgery in ForkCMS
High
CVE-2020-23960
was published
for
forkcms/forkcms
(Composer)
May 6, 2021
Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12
High
CVE-2020-28452
was published
for
com.softwaremill.akka-http-session:core_2.12
(Maven)
Jan 6, 2022
Cryptographically weak CSRF tokens in Apache MyFaces
High
CVE-2021-26296
was published
for
org.apache.myfaces.core:myfaces-core-module
(Maven)
Jun 16, 2021
Cross-Site Request Forgery in Vert.x-Web framework
High
CVE-2020-35217
was published
for
io.vertx:vertx-web
(Maven)
Apr 22, 2021
Cross-Site Request Forgery in OpenNMS Horizon
High
CVE-2021-25931
was published
for
org.opennms:opennms
(Maven)
May 25, 2021
ProTip!
Advisories are also available from the
GraphQL API