GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
312 advisories
OrientDB-Server vulnerable to Cross-Site Request Forgery (High): CVE-2015-2912 was published for com.orientechnologies:orientdb-studio (Maven) on Oct 18, 2018
Cross-Site Request Forgery (CSRF) in keystone (High): CVE-2017-16570 was published for keystone (npm) on Nov 30, 2017
Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons (High): CVE-2018-20595 was published for org.hswebframework.web:hsweb-commons (Maven) on Jan 4, 2019
Cross-Site Request Forgery (CSRF) in Auth0 (High): CVE-2018-6874 was published for auth0-js (npm) on Nov 6, 2018
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints (High): CVE-2022-43719 was published for apache-superset (pip) on Jan 16, 2023
Cross Site Request Forgery in mailman (High): CVE-2021-44227 was published for mailman (pip) on Dec 16, 2021
Cross-site Request Forgery in fastify-csrf (High): CVE-2020-28482 was published for fastify-csrf (npm) on Jan 20, 2021
CSRF vulnerability in Jenkins Publish Over FTP Plugin (High): CVE-2022-29050 was published for org.jenkins-ci.plugins:publish-over-ftp (Maven) on Apr 13, 2022
Cross Site Request Forgery in Mingsoft MCMS (High): CVE-2022-27340 was published for net.mingsoft:ms-mcms (Maven) on Apr 23, 2022
Cross-Site Request Forgery in Jenkins Git Plugin (High): CVE-2017-1000092 was published for org.jenkins-ci.plugins:git (Maven) on May 17, 2022
Cross-Site Request Forgery in Jolokia (High): CVE-2018-10899 was published for org.jolokia:jolokia-core (Maven) on May 24, 2022
Cross-Site Request Forgery in XXL-Job (High): CVE-2022-29002 was published for com.xuxueli:xxl-job (Maven) on May 24, 2022
Cross-Site Request Forgery in Jenkins (High): CVE-2017-1000356 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 14, 2022
NodeBB account takeover via SSO plugins (High): CVE-2022-36076 was published for nodebb (npm) on Sep 16, 2022
Cross-Site Request Forgery in OWASP CSRFGuard (High): CVE-2021-28490 was published for org.owasp:csrfguard (Maven) on May 24, 2022
Cross Site Request Forgery in Mingsoft MCMS (High): CVE-2022-29647 was published for net.mingsoft:ms-mcms (Maven) on Jun 3, 2022
Cross-Site Request Forgery in Elefant CMS (High): CVE-2017-20062 was published for elefant/cms (Composer) on Jun 21, 2022
Cross Site Request Forgery in Jenkins Storable Configs Plugin (High): CVE-2022-30972 was published for org.jvnet.hudson.plugins:storable-configs-plugin (Maven) on May 18, 2022
Cross Site Request Forgery in Jenkins SSH Plugin (High): CVE-2022-30958 was published for org.jenkins-ci.plugins:ssh (Maven) on May 18, 2022
Cross-Site Request Forgery in Jenkins Autocomplete Parameter Plugin (High): CVE-2022-30969 was published for org.jenkins-ci.plugins:autocomplete-parameter (Maven) on May 18, 2022
Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability (High): CVE-2018-1000153 was published for org.jenkins-ci.plugins:vsphere-cloud (Maven) on May 14, 2022
Jenkins Poll SCM Plugin vulnerable to Cross-Site Request Forgery (High): CVE-2017-1000093 was published for org.jenkins-ci.plugins:pollscm (Maven) on May 17, 2022
CSRF issue on preview pages in Bolt CMS (High): CVE-2020-4040 was published for bolt/bolt (Composer) on Jun 9, 2020
ProTip! Advisories are also available from the GraphQL API.