GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
351 advisories
Filter by severity
Jenkins WSO2 Oauth Plugin cross-site request forgery vulnerability
Moderate
CVE-2023-33006
was published
for
org.jenkins-ci.plugins:wso2id-oauth
(Maven)
May 16, 2023
@builder.io/qwik-city Cross-Site Request Forgery vulnerability
Moderate
CVE-2023-2307
was published
for
@builder.io/qwik-city
(npm)
Apr 26, 2023
CSRF token fixation in fastify-passport
Moderate
CVE-2023-29020
was published
for
@fastify/passport
(npm)
Apr 21, 2023
Bypass of CSRF protection in the presence of predictable userInfo
Moderate
CVE-2023-27495
was published
for
@fastify/csrf-protection
(npm)
Apr 20, 2023
Jenkins Lucene-Search Plugin vulnerable to Cross-Site Request Forgery
Moderate
CVE-2023-30529
was published
for
org.jenkins-ci.plugins:lucene-search
(Maven)
Apr 12, 2023
Jenkins Report Portal Plugin Cross-Site Request Forgery vulnerability
Moderate
CVE-2023-30525
was published
for
org.jenkins-ci.plugins:reportportal
(Maven)
Apr 12, 2023
Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery
Moderate
CVE-2023-28671
was published
for
org.jenkinsci.plugins:octoperf
(Maven)
Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery
Moderate
CVE-2023-28674
was published
for
org.jenkinsci.plugins:octoperf
(Maven)
Apr 2, 2023
OpenNMS Meridian and Horizon vulnerable to Cross-Site Request Forgery
Moderate
CVE-2023-0870
was published
for
org.opennms:opennms-webapp
(Maven)
Mar 22, 2023
Possible CSRF token fixation
Moderate
CVE-2023-25170
was published
for
prestashop/prestashop
(Composer)
Mar 13, 2023
apollo-portal has potential CSRF issue
Moderate
CVE-2023-25569
was published
for
com.ctrip.framework.apollo:apollo
(Maven)
Feb 22, 2023
Cross-Site Request Forgery (CSRF) in wallabag/wallabag
Moderate
CVE-2023-0735
was published
for
wallabag/wallabag
(Composer)
Feb 8, 2023
Cross-Site Request Forgery in XXL Job
Moderate
CVE-2023-0674
was published
for
com.xuxueli:xxl-job
(Maven)
Feb 4, 2023
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2
Moderate
CVE-2023-25015
was published
for
clockwork_web
(RubyGems)
Feb 2, 2023
Cross-site request forgery in Jenkins Gerrit Trigger Plugin
Moderate
CVE-2023-24423
was published
for
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
(Maven)
Jan 26, 2023
Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin
Moderate
CVE-2023-24437
was published
for
org.jenkins-ci.plugins:jira-steps
(Maven)
Jan 26, 2023
Cross-site request forgery vulnerability in Jenkins Bitbucket OAuth Plugin
Moderate
CVE-2023-24428
was published
for
org.jenkins-ci.plugins:bitbucket-oauth
(Maven)
Jan 26, 2023
CSRF vulnerability in Jenkins Keycloak Authentication Plugin
Moderate
CVE-2023-24457
was published
for
org.jenkins-ci.plugins:keycloak
(Maven)
Jan 26, 2023
magento-lts Reset Password not protected against well-timed CSRF
Moderate
CVE-2021-21395
was published
for
openmage/magento-lts
(Composer)
Jan 26, 2023
Cross-Site Request Forgery in modoboa
Moderate
CVE-2023-0438
was published
for
modoboa
(pip)
Jan 23, 2023
CakePHP has incorrect Cross-Site Request Forgery validation
Moderate
GHSA-829q-v5g8-hhxc
was published
for
cakephp/cakephp
(Composer)
Jan 20, 2023
Cross-Site Request Forgery in modoboa
Moderate
CVE-2023-0406
was published
for
modoboa
(pip)
Jan 19, 2023
Modoboa is vulnerable to Cross-Site Request Forgery
Moderate
CVE-2023-0398
was published
for
modoboa
(pip)
Jan 19, 2023
Froxlor vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-4867
was published
for
froxlor/froxlor
(Composer)
Dec 31, 2022
usememos/memos Cross-Site Request Forgery vulnerability
Moderate
CVE-2022-4846
was published
for
github.com/usememos/memos
(Go)
Dec 29, 2022
ProTip!
Advisories are also available from the
GraphQL API