Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,075
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+

177 advisories

Loading
CSRF in Play Framework Moderate
CVE-2020-12480 was published for com.typesafe.play:play_2.12 (Maven) Aug 18, 2020
Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin Moderate
CVE-2023-24437 was published for org.jenkins-ci.plugins:jira-steps (Maven) Jan 26, 2023
CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials Moderate
CVE-2022-25212 was published for org.continuousassurance.swamp.jenkins:swamp (Maven) Feb 16, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Moderate
CVE-2018-1000195 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Cross-Site Request Forgery in Jenkins Moderate
CVE-2017-2613 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Cross-Site Request Forgery in Apache Tomcat Moderate
CVE-2012-4431 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Cross-Site Request Forgery in Jolokia Moderate
CVE-2014-0168 was published for org.jolokia:jolokia-core (Maven) May 17, 2022
XWiki Cross-Site Request Forgery (CSRF) for actions on tags Moderate
CVE-2022-36095 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Sep 16, 2022
Jenkins Snow Commander Plugin 2.0 vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-25192 was published for io.jenkins.plugins:embotics-vcommander (Maven) Feb 16, 2022
NotMyFault
CSRF vulnerability in Jenkins Script Security Plugin Moderate
CVE-2022-30946 was published for org.jenkins-ci.plugins:script-security (Maven) May 18, 2022
NotMyFault
Jenkins Subversion Plugin Cross-Site Request Forgery vulnerability Moderate
CVE-2017-1000085 was published for org.jenkins-ci.plugins:subversion (Maven) May 17, 2022
Jenkins GitHub Branch Source Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2017-1000091 was published for org.jenkins-ci.plugins:github-branch-source (Maven) May 17, 2022
CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin allow capturing credentials Moderate
CVE-2022-34780 was published for com.xebialabs.ci:xlrelease-plugin (Maven) Jul 1, 2022
NotMyFault
CSRF vulnerability in Jenkins OpenShift Deployer Plugin Moderate
CVE-2022-36908 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022
NotMyFault
CSRF vulnerability in Jenkins OpenShift Deployer Plugin Moderate
CVE-2022-36906 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Deployment Dashboard Plugin Moderate
CVE-2022-34797 was published for org.jenkins-ci.plugins:ec2-deployment-dashboard (Maven) Jul 1, 2022
NotMyFault
CSRF vulnerability in Jenkins Zephyr for JIRA Test Management Plugin Moderate
CVE-2020-2215 was published for org.jenkins-ci.plugins:zephyr-for-jira-test-management (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Flaky Test Handler Plugin Moderate
CVE-2020-2237 was published for org.jenkins-ci.plugins:flaky-test-handler (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Google Cloud Backup Plugin Moderate
CVE-2022-36916 was published for org.jenkins-ci.plugins:google-cloud-backup (Maven) Jul 28, 2022
NotMyFault
CSRF vulnerability in Jenkins openstack-heat Plugin Moderate
CVE-2022-36911 was published for org.jenkins-ci.plugins:openstack-heat (Maven) Jul 28, 2022
NotMyFault
CSRF vulnerability in Jenkins Shared Objects Plugin Moderate
CVE-2020-2296 was published for org.jenkins-ci.plugins:shared-objects (Maven) May 24, 2022
NotMyFault
Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp Moderate
CVE-2022-28731 was published for org.apache.jspwiki:jspwiki-main (Maven) Aug 5, 2022
Cross-Site Request Forgery in Jenkins vRealize Orchestrator Plugin Moderate
CVE-2022-34211 was published for org.jenkins-ci.plugins:vmware-vrealize-orchestrator (Maven) Jun 24, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins ThreadFix Plugin Moderate
CVE-2022-34209 was published for org.jenkins-ci.plugins:threadfix (Maven) Jun 24, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Jianliao Notification Plugin Moderate
CVE-2022-34205 was published for org.jenkins-ci.plugins:jianliao (Maven) Jun 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API