GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
299 advisories
CSRF vulnerability in Jenkins OWASP Dependency-Track Plugin allows capturing credentials (High): CVE-2021-21633 was published for org.jenkins-ci.plugins:dependency-track (Maven), May 24, 2022
CSRF vulnerability in Jenkins Build With Parameters Plugin (High): CVE-2021-21629 was published for org.jenkins-ci.plugins:build-with-parameters (Maven), May 24, 2022
CSRF vulnerability in Jenkins Libvirt Agents Plugin (High): CVE-2021-21627 was published for org.jenkins-ci.plugins:libvirt-slave (Maven), May 24, 2022
Grav CMS Cross-Site Request Forgery (CSRF) (High): CVE-2020-29553 was published for getgrav/grav (Composer), May 24, 2022
CSRF vulnerability in Jenkins Configuration Slicing Plugin (High): CVE-2021-21617 was published for org.jenkins-ci.plugins:configurationslicing (Maven), May 24, 2022
CakePHP allows method override parameters to bypass CSRF checks (High): CVE-2020-35239 was published for cakephp/cakephp (Composer), May 24, 2022
CSRF vulnerability in Jenkins Shelve Project Plugin (High): CVE-2020-2321 was published for org.jenkins-ci.plugins:shelve-project-plugin (Maven), May 24, 2022
Subrion CMS CSRF Vulnerability (High): CVE-2019-7357 was published for intelliants/subrion (Composer), May 24, 2022
PyroCMS Vulnerable to CSRF (High): CVE-2020-25263 was published for pyrocms/pyrocms (Composer), May 24, 2022
CSRF vulnerability in Jenkins warnings Plugin allows remote code execution (High): CVE-2020-2280 was published for org.jvnet.hudson.plugins:warnings (Maven), May 24, 2022
CSRF vulnerability in Jenkins Database Plugin (High): CVE-2020-2240 was published for org.jenkins-ci.plugins:database (Maven), May 24, 2022
Codiad CSRF Vulnerability (High): CVE-2020-14043 was published for codiad/codiad (Composer), May 24, 2022
CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin allows capturing credentials (High): CVE-2020-2235 was published for org.jenkins-ci.plugins:pipeline-maven (Maven), May 24, 2022
NukeViet Cross-Site Request Forgery (CSRF) (High): CVE-2020-13155 was published for nukeviet/nukeviet (Composer), May 24, 2022
WooCommerce Cross-Site Request Forgery (CSRF) (High): CVE-2019-20891 was published for woocommerce/woocommerce (Composer), May 24, 2022
Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection (High): CVE-2020-2196 was published for org.jenkins-ci.plugins:selenium (Maven), May 24, 2022
Image Resizer Cross-Site Request Forgery (CSRF) (High): CVE-2020-13458 was published for verbb/image-resizer (Composer), May 24, 2022
Subrion CMS Cross-Site Request Forgery (CSRF) vulnerability (High): CVE-2019-20390 was published for intelliants/subrion (Composer), May 24, 2022
Dolibarr Cross-Site Request Forgery Vulnerability (High): CVE-2020-11825 was published for dolibarr/dolibarr (Composer), May 24, 2022
Cross-Site Request Forgery in Jenkins (High): CVE-2020-2160 was published for org.jenkins-ci.main:jenkins-core (Maven), May 24, 2022
Subrion CMS CSRF Vulnerability (High): CVE-2018-21037 was published for intelliants/subrion (Composer), May 24, 2022
Silverstripe CSRF Protection Bypass via GraphQL (High): CVE-2019-12437 was published for silverstripe/graphql (Composer), May 24, 2022
CSRF vulnerability in Pipeline GitHub Notify Step Plugin allows capturing credentials (High): CVE-2020-2116 was published for org.jenkins-ci.plugins:pipeline-githubnotify-step (Maven), May 24, 2022
CSRF vulnerability in Jenkins Sounds Plugin allows OS command execution (High): CVE-2020-2098 was published for org.jenkins-ci.plugins:sounds (Maven), May 24, 2022
Cross-Site Request Forgery in Jenkins Alauda Kubernetes Suport Plugin (High): CVE-2019-16575 was published for io.alauda.jenkins.plugins:alauda-kubernetes-support (Maven), May 24, 2022
ProTip! Advisories are also available from the GraphQL API.