GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

756 advisories

org.xwiki.platform:xwiki-platform-logging-ui Eval Injection vulnerability (Severity: Critical)
CVE-2023-29213 was published for org.xwiki.platform:xwiki-platform-logging-ui (Maven) Apr 12, 2023
Jenkins Lucene-Search Plugin vulnerable to Cross-Site Request Forgery (Severity: Moderate)
CVE-2023-30529 was published for org.jenkins-ci.plugins:lucene-search (Maven) Apr 12, 2023
Jenkins Report Portal Plugin Cross-Site Request Forgery vulnerability (Severity: Moderate)
CVE-2023-30525 was published for org.jenkins-ci.plugins:reportportal (Maven) Apr 12, 2023
SvelteKit framework has Insufficient CSRF protection for CORS requests (Severity: High)
CVE-2023-29008 was published for @sveltejs/kit (npm) Apr 7, 2023
Ry0taK benmccann
dominikg Conduitry
SvelteKit vulnerable to Cross-Site Request Forgery (Severity: High)
CVE-2023-29003 was published for @sveltejs/kit (npm) Apr 4, 2023
v1ktor0t benmccann
Conduitry eltigerchino dominikg
Phachon mm-wiki Cross Site Request Forgery vulnerability (Severity: High)
CVE-2020-19278 was published for github.com/phachon/mm-wiki (Go) Apr 4, 2023
Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery (Severity: Moderate)
CVE-2023-28671 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery (Severity: High)
CVE-2023-28676 was published for org.jenkins-ci.plugins:convert-to-pipeline (Maven) Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery (Severity: Moderate)
CVE-2023-28674 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Moodle vulnerable to Cross-site Request Forgery (Severity: High)
CVE-2023-28335 was published for moodle/moodle (Composer) Mar 23, 2023
OpenNMS Meridian and Horizon vulnerable to Cross-Site Request Forgery (Severity: Moderate)
CVE-2023-0870 was published for org.opennms:opennms-webapp (Maven) Mar 22, 2023
Missing proper state, nonce and PKCE checks for OAuth authentication (Severity: High)
CVE-2023-27490 was published for next-auth (npm) Mar 13, 2023
FINDarkside
Possible CSRF token fixation (Severity: Moderate)
CVE-2023-25170 was published for prestashop/prestashop (Composer) Mar 13, 2023
Froxlor Cross-Site Request Forgery vulnerability (Severity: High)
CVE-2023-1033 was published for froxlor/froxlor (Composer) Feb 25, 2023
apollo-portal has potential CSRF issue (Severity: Moderate)
CVE-2023-25569 was published for com.ctrip.framework.apollo:apollo (Maven) Feb 22, 2023
CSRF vulnerability in Synopsys Jenkins Coverity Plugin (Severity: Low)
CVE-2023-23847 was published for org.jenkins-ci.plugins:synopsys-coverity (Maven) Feb 15, 2023
Cross-Site Request Forgery in Jenkins Azure Credentials Plugin (Severity: High)
CVE-2023-25767 was published for org.jenkins-ci.plugins:azure-credentials (Maven) Feb 15, 2023
Cross-Site Request Forgery (CSRF) in wallabag/wallabag (Severity: Moderate)
CVE-2023-0735 was published for wallabag/wallabag (Composer) Feb 8, 2023
Cross-Site Request Forgery in XXL Job (Severity: Moderate)
CVE-2023-0674 was published for com.xuxueli:xxl-job (Maven) Feb 4, 2023
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2 (Severity: Moderate)
CVE-2023-25015 was published for clockwork_web (RubyGems) Feb 2, 2023
CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin (Severity: High)
CVE-2023-24434 was published for org.jenkins-ci.plugins:ghprb (Maven) Jan 26, 2023
CSRF vulnerability in Jenkins Orka Plugin allow capturing credentials (Severity: High)
CVE-2023-24432 was published for io.jenkins.plugins:macstadium-orka (Maven) Jan 26, 2023
Cross-site request forgery vulnerability in Jenkins OpenID Plugin (Severity: High)
CVE-2023-24446 was published for org.jenkins-ci.plugins:openid (Maven) Jan 26, 2023
CSRF vulnerability in Jenkins TestQuality Updater Plugin (Severity: High)
CVE-2023-24452 was published for org.jenkins-ci.plugins:testquality-updater (Maven) Jan 26, 2023
Cross-site request forgery vulnerability in Jenkins RabbitMQ Consumer Plugin (Severity: High)
CVE-2023-24447 was published for org.jenkins-ci.plugins:rabbitmq-consumer (Maven) Jan 26, 2023
ProTip! Advisories are also available from the GraphQL API