Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

351 advisories

Loading
Jenkins WSO2 Oauth Plugin cross-site request forgery vulnerability Moderate
CVE-2023-33006 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 16, 2023
@builder.io/qwik-city Cross-Site Request Forgery vulnerability Moderate
CVE-2023-2307 was published for @builder.io/qwik-city (npm) Apr 26, 2023
CSRF token fixation in fastify-passport Moderate
CVE-2023-29020 was published for @fastify/passport (npm) Apr 21, 2023
pedromigueladao lavish
Bypass of CSRF protection in the presence of predictable userInfo Moderate
CVE-2023-27495 was published for @fastify/csrf-protection (npm) Apr 20, 2023
pedromigueladao lavish
Jenkins Lucene-Search Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2023-30529 was published for org.jenkins-ci.plugins:lucene-search (Maven) Apr 12, 2023
Jenkins Report Portal Plugin Cross-Site Request Forgery vulnerability Moderate
CVE-2023-30525 was published for org.jenkins-ci.plugins:reportportal (Maven) Apr 12, 2023
Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery Moderate
CVE-2023-28671 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery Moderate
CVE-2023-28674 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
OpenNMS Meridian and Horizon vulnerable to Cross-Site Request Forgery Moderate
CVE-2023-0870 was published for org.opennms:opennms-webapp (Maven) Mar 22, 2023
Possible CSRF token fixation Moderate
CVE-2023-25170 was published for prestashop/prestashop (Composer) Mar 13, 2023
apollo-portal has potential CSRF issue Moderate
CVE-2023-25569 was published for com.ctrip.framework.apollo:apollo (Maven) Feb 22, 2023
Cross-Site Request Forgery (CSRF) in wallabag/wallabag Moderate
CVE-2023-0735 was published for wallabag/wallabag (Composer) Feb 8, 2023
Cross-Site Request Forgery in XXL Job Moderate
CVE-2023-0674 was published for com.xuxueli:xxl-job (Maven) Feb 4, 2023
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2 Moderate
CVE-2023-25015 was published for clockwork_web (RubyGems) Feb 2, 2023
Cross-site request forgery in Jenkins Gerrit Trigger Plugin Moderate
CVE-2023-24423 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) Jan 26, 2023
Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin Moderate
CVE-2023-24437 was published for org.jenkins-ci.plugins:jira-steps (Maven) Jan 26, 2023
Cross-site request forgery vulnerability in Jenkins Bitbucket OAuth Plugin Moderate
CVE-2023-24428 was published for org.jenkins-ci.plugins:bitbucket-oauth (Maven) Jan 26, 2023
CSRF vulnerability in Jenkins Keycloak Authentication Plugin Moderate
CVE-2023-24457 was published for org.jenkins-ci.plugins:keycloak (Maven) Jan 26, 2023
magento-lts Reset Password not protected against well-timed CSRF Moderate
CVE-2021-21395 was published for openmage/magento-lts (Composer) Jan 26, 2023
Cross-Site Request Forgery in modoboa Moderate
CVE-2023-0438 was published for modoboa (pip) Jan 23, 2023
CakePHP has incorrect Cross-Site Request Forgery validation Moderate
GHSA-829q-v5g8-hhxc was published for cakephp/cakephp (Composer) Jan 20, 2023
Cross-Site Request Forgery in modoboa Moderate
CVE-2023-0406 was published for modoboa (pip) Jan 19, 2023
Modoboa is vulnerable to Cross-Site Request Forgery Moderate
CVE-2023-0398 was published for modoboa (pip) Jan 19, 2023
Froxlor vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-4867 was published for froxlor/froxlor (Composer) Dec 31, 2022
usememos/memos Cross-Site Request Forgery vulnerability Moderate
CVE-2022-4846 was published for github.com/usememos/memos (Go) Dec 29, 2022
ProTip! Advisories are also available from the GraphQL API