GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
141 advisories
XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action
High severity. CVE-2023-40572 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) on Aug 23, 2023.
Jenkins Folders Plugin cross-site request forgery vulnerability
High severity. CVE-2023-40336 was published for org.jenkins-ci.plugins:cloudbees-folder (Maven) on Aug 16, 2023.
xuxueli xxl-job Cross-Site Request Forgery Vulnerability
High severity. CVE-2020-24922 was published for com.xuxueli:xxl-job (Maven) on Aug 11, 2023.
Jenkins Assembla Auth Plugin vulnerable to cross-site request forgery
High severity. CVE-2023-37961 was published for org.jenkins-ci.plugins:assembla-auth (Maven) on Jul 12, 2023.
Jenkins Sumologic Publisher Plugin vulnerable to cross-site request forgery
High severity. CVE-2023-37958 was published for org.jenkins-ci.plugins:sumologic-publisher (Maven) on Jul 12, 2023.
Jenkins ElasticBox CI Plugin vulnerable to cross-site request forgery
High severity. CVE-2023-37964 was published for org.jenkins-ci.plugins:elasticbox (Maven) on Jul 12, 2023.
Jenkins Benchmark Evaluator Plugin vulnerable to cross-site request forgery
High severity. CVE-2023-37962 was published for io.jenkins.plugins:benchmark-evaluator (Maven) on Jul 12, 2023.
Jenkins Pipeline restFul API Plugin vulnerable to Cross Site Request Forgery
High severity. CVE-2023-37957 was published for io.jenkins.plugins:pipeline-restful-api (Maven) on Jul 12, 2023.
Jenkins CSRF protection bypass vulnerability
High severity. CVE-2023-35141 was published for org.jenkins-ci.main:jenkins-core (Maven) on Jun 14, 2023.
Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability
High severity. CVE-2023-32991 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) on May 16, 2023.
Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery
High severity. CVE-2023-28676 was published for org.jenkins-ci.plugins:convert-to-pipeline (Maven) on Apr 2, 2023.
Cross-Site Request Forgery in Jenkins Azure Credentials Plugin
High severity. CVE-2023-25767 was published for org.jenkins-ci.plugins:azure-credentials (Maven) on Feb 15, 2023.
CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin
High severity. CVE-2023-24434 was published for org.jenkins-ci.plugins:ghprb (Maven) on Jan 26, 2023.
CSRF vulnerability in Jenkins Orka Plugin allow capturing credentials
High severity. CVE-2023-24432 was published for io.jenkins.plugins:macstadium-orka (Maven) on Jan 26, 2023.
CSRF vulnerability in Jenkins TestQuality Updater Plugin
High severity. CVE-2023-24452 was published for org.jenkins-ci.plugins:testquality-updater (Maven) on Jan 26, 2023.
Cross-site request forgery vulnerability in Jenkins OpenID Plugin
High severity. CVE-2023-24446 was published for org.jenkins-ci.plugins:openid (Maven) on Jan 26, 2023.
Cross-site request forgery vulnerability in Jenkins RabbitMQ Consumer Plugin
High severity. CVE-2023-24447 was published for org.jenkins-ci.plugins:rabbitmq-consumer (Maven) on Jan 26, 2023.
Cross-site request forgery vulnerability in Jenkins BearyChat Plugin
High severity. CVE-2023-24458 was published for org.jenkins-ci.plugins:bearychat (Maven) on Jan 26, 2023.
Cross-Site Request Forgery (CSRF) allowing to delete or rename tags
High severity. CVE-2022-41927 was published for org.xwiki.platform:xwiki-platform-tag-ui (Maven) on Nov 21, 2022.
Jenkins Pipeline: Stage View Plugin allows CSRF protection bypass of any target URL in Jenkins
High severity. CVE-2022-43408 was published for org.jenkins-ci.plugins.pipeline-stage-view:pipeline-stage-view (Maven) on Oct 19, 2022.
Jenkins build-publisher plugin vulnerable to cross-site request forgery
High severity. CVE-2022-41232 was published for org.jenkins-ci.plugins:build-publisher (Maven) on Sep 22, 2022.
Apache JSPWiki CSRF due to crafted invocation on the Image plugin
High severity. CVE-2022-34158 was published for org.apache.jspwiki:jspwiki-main (Maven) on Aug 5, 2022.
Jenkins Coverity Plugin vulnerable to cross-site request forgery (CSRF)
High severity. CVE-2022-36920 was published for org.jenkins-ci.plugins:coverity (Maven) on Jul 28, 2022.
Togglz console missing cross-site request forgery (CSRF) protection
High severity. CVE-2020-28191 was published for org.togglz:togglz-console (Maven) on Jul 15, 2022.
Cross-Site Request Forgery in Jenkins Recipe Plugin
High severity. CVE-2022-34792 was published for org.jenkins-ci.plugins:recipe (Maven) on Jul 1, 2022.
ProTip! Advisories are also available from the GraphQL API.