Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,765
Maven
4,990
npm
3,536
NuGet
616
pip
3,105
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

299 advisories

Loading
CSRF vulnerability and in Jenkins OWASP Dependency-Track Plugin allow capturing credentials High
CVE-2021-21633 was published for org.jenkins-ci.plugins:dependency-track (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Build With Parameters Plugin High
CVE-2021-21629 was published for org.jenkins-ci.plugins:build-with-parameters (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Libvirt Agents Plugin High
CVE-2021-21627 was published for org.jenkins-ci.plugins:libvirt-slave (Maven) May 24, 2022
NotMyFault
Grav CMS Cross-Site Request Forgery (CSRF) High
CVE-2020-29553 was published for getgrav/grav (Composer) May 24, 2022
CSRF vulnerability in Jenkins Configuration Slicing Plugin High
CVE-2021-21617 was published for org.jenkins-ci.plugins:configurationslicing (Maven) May 24, 2022
NotMyFault
CakePHP allows method override parameters to bypass CSRF checks High
CVE-2020-35239 was published for cakephp/cakephp (Composer) May 24, 2022
ravage84
CSRF vulnerability in Jenkins Shelve Project Plugin High
CVE-2020-2321 was published for org.jenkins-ci.plugins:shelve-project-plugin (Maven) May 24, 2022
NotMyFault
Subrion CMS CSRF Vulnerability High
CVE-2019-7357 was published for intelliants/subrion (Composer) May 24, 2022
PyroCMS Vulnerable to CSRF High
CVE-2020-25263 was published for pyrocms/pyrocms (Composer) May 24, 2022
CSRF vulnerability in Jenkins warnings Plugin allows remote code execution High
CVE-2020-2280 was published for org.jvnet.hudson.plugins:warnings (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Database Plugin High
CVE-2020-2240 was published for org.jenkins-ci.plugins:database (Maven) May 24, 2022
NotMyFault
Codiad CSRF Vulnerability High
CVE-2020-14043 was published for codiad/codiad (Composer) May 24, 2022
CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin allow capturing credentials High
CVE-2020-2235 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) May 24, 2022
NotMyFault
NukeViet Cross-Site Request Forgery (CSRF) High
CVE-2020-13155 was published for nukeviet/nukeviet (Composer) May 24, 2022
WooCommerce Cross-Site Request Forgery (CSRF) High
CVE-2019-20891 was published for woocommerce/woocommerce (Composer) May 24, 2022
Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection High
CVE-2020-2196 was published for org.jenkins-ci.plugins:selenium (Maven) May 24, 2022
NotMyFault
Image Resizer Cross-Site Request Forgery (CSRF) High
CVE-2020-13458 was published for verbb/image-resizer (Composer) May 24, 2022
Subrion CMS Cross-Site Request Forgery (CSRF) vulnerability High
CVE-2019-20390 was published for intelliants/subrion (Composer) May 24, 2022
Dolibarr Cross-Site Request Forgery Vulnerability High
CVE-2020-11825 was published for dolibarr/dolibarr (Composer) May 24, 2022
Cross-Site Request Forgery in Jenkins High
CVE-2020-2160 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault sunSUNQ
Subrion CMS CSRF Vulnerability High
CVE-2018-21037 was published for intelliants/subrion (Composer) May 24, 2022
Silverstripe CSRF Protection Bypass via GraphQL High
CVE-2019-12437 was published for silverstripe/graphql (Composer) May 24, 2022
CSRF vulnerability in Pipeline GitHub Notify Step Plugin allows capturing credentials High
CVE-2020-2116 was published for org.jenkins-ci.plugins:pipeline-githubnotify-step (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Sounds Plugin allow OS command execution High
CVE-2020-2098 was published for org.jenkins-ci.plugins:sounds (Maven) May 24, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Alauda Kubernetes Suport Plugin High
CVE-2019-16575 was published for io.alauda.jenkins.plugins:alauda-kubernetes-support (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API