GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
341 advisories

Cross site request forgery in Jenkins Job and Node ownership Plugin
Severity: High. CVE-2022-28150 was published for com.synopsys.jenkinsci:ownership (Maven), Mar 30, 2022

Cross-Site Request Forgery in Jenkins P4 Plugin
Severity: High. CVE-2021-21655 was published for org.jenkins-ci.plugins:p4 (Maven), Mar 18, 2022

CSRF vulnerability and missing permission checks in Jenkins Extended Choice Parameter Plugin allow SSRF
Severity: Moderate. CVE-2022-27204 was published for org.jenkins-ci.plugins:extended-choice-parameter (Maven), Mar 16, 2022

CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin
Severity: High. CVE-2022-27198 was published for org.jenkins-ci.plugins:aws-credentials (Maven), Mar 16, 2022

CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials
Severity: High. CVE-2022-27210 was published for org.jenkins-ci.plugins:kubernetes-cd (Maven), Mar 16, 2022

CSRF vulnerability in Jenkins Release Helper Plugin
Severity: Moderate. CVE-2022-27214 was published for org.jenkins-ci.plugins:release-helper (Maven), Mar 16, 2022

Cross Site Request Forgery in Apache JSPWiki
Severity: High. CVE-2022-24947 was published for org.apache.jspwiki:jspwiki-main (Maven), Feb 26, 2022

Jenkins Snow Commander Plugin 2.0 vulnerable to Cross-Site Request Forgery
Severity: Moderate. CVE-2022-25192 was published for io.jenkins.plugins:embotics-vcommander (Maven), Feb 16, 2022

CSRF vulnerability in Jenkins autonomiq plugin
Severity: High. CVE-2022-25194 was published for io.jenkins.plugins:autonomiq (Maven), Feb 16, 2022

CSRF vulnerability in Jenkins SCP publisher Plugin
Severity: High. CVE-2022-25198 was published for org.jenkins-ci.plugins:scp (Maven), Feb 16, 2022

CSRF vulnerability in Jenkins Checkmarx Plugin allow capturing credentials
Severity: Moderate. CVE-2022-25200 was published for com.checkmarx.jenkins:checkmarx (Maven), Feb 16, 2022

Cross-Site Request Forgery in Jenkins dbCharts Plugin
Severity: High. CVE-2022-25205 was published for org.jenkins-ci.plugins:dbCharts (Maven), Feb 16, 2022

CSRF vulnerability in Jenkins Chef Sinatra Plugin allow XXE
Severity: High. CVE-2022-25207 was published for org.jenkins-ci.plugins:sinatra-chef-builder (Maven), Feb 16, 2022

CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials
Severity: Moderate. CVE-2022-25212 was published for org.continuousassurance.swamp.jenkins:swamp (Maven), Feb 16, 2022

Cross-Site Request Forgery in Magnolia CMS
Severity: High. CVE-2021-46366 was published for info.magnolia:magnolia-core (Maven), Feb 12, 2022

Cross-Site Request Forgery in xwiki-platform
Severity: High. CVE-2021-32732 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven), Feb 10, 2022

Cross-Site Request Forgery
Severity: Moderate. CVE-2020-7780 was published for com.softwaremill.akka-http-session:core_2.11 (Maven), Feb 9, 2022

Cross-Site Request Forgery in Jenkins
Severity: Moderate. CVE-2022-20612 was published for org.jenkins-ci.main:jenkins-core (Maven), Jan 21, 2022

Cross-Site Request Forgery in Jenkins Mailer Plugin
Severity: Moderate. CVE-2022-20613 was published for org.jenkins-ci.plugins:mailer (Maven), Jan 13, 2022

Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin
Severity: High. CVE-2022-20619 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven), Jan 13, 2022

CSRF vulnerability in Jenkins batch task Plugin
Severity: Moderate. CVE-2022-23115 was published for org.jenkins-ci.plugins:batch-task (Maven), Jan 13, 2022

CSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin
Severity: Moderate. CVE-2022-23111 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven), Jan 13, 2022

Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12
Severity: High. CVE-2020-28452 was published for com.softwaremill.akka-http-session:core_2.12 (Maven), Jan 6, 2022

Request injection in Spring Cloud Gateway
Severity: Moderate. CVE-2021-22051 was published for org.springframework.cloud:spring-cloud-gateway (Maven), Nov 10, 2021

Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server
Severity: High. CVE-2021-39133 was published for org.rundeck:rundeck-core (Maven), Sep 1, 2021