GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

351 advisories

Liferay Portal Layout Module and Liferay DXP Exposes the Cross-Site Request Forgery (CSRF) Token in URLs High
CVE-2021-33338 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Jenkins Cadence vManager Plugin Vulnerable to Cross-Site Request Forgery Moderate
CVE-2025-47886 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 14, 2025
CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step Plugin High
CVE-2022-43407 was published for org.jenkins-ci.plugins:pipeline-input-step (Maven) Oct 19, 2022
NotMyFault
Cross-Site Request Forgery in OpenNMS Horizon Moderate
CVE-2021-25930 was published for org.opennms:opennms (Maven) May 25, 2021
Cross-Site Request Forgery in OpenNMS Horizon High
CVE-2021-25931 was published for org.opennms:opennms (Maven) May 25, 2021
Cross-Site Request Forgery in Jenkins Cluster Statistics Plugin Moderate
CVE-2022-45398 was published for org.zeroturnaround:cluster-stats (Maven) Nov 16, 2022
NotMyFault
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor High
CVE-2024-26273 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 22, 2024
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor High
CVE-2024-26272 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 22, 2024
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget High
CVE-2024-26271 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 22, 2024
Apache Wicket vulnerable to CSRF attacks High
CVE-2016-6806 was published for org.apache.wicket:wicket-core (Maven) May 17, 2022
Apache Brooklyn is vulnerable to cross-site request forgery (CSRF) High
CVE-2016-8737 was published for org.apache.brooklyn:brooklyn-jsgui (Maven) May 17, 2022
Neo4J vulnerable to Cross-Site Request Forgery High
CVE-2013-7259 was published for org.neo4j:neo4j (Maven) May 17, 2022
Jenkins Simple Queue Plugin Cross-Site Request Forgery (CSRF) Moderate
CVE-2025-31723 was published for io.jenkins.plugins:simple-queue (Maven) Apr 2, 2025
Selenium Server (Grid) CSRF High
CVE-2022-28108 was published for org.seleniumhq.selenium:selenium-grid (Maven) Apr 20, 2022
jeffwidman
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack High
CVE-2015-7537 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack High
CVE-2015-7538 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack Low
CVE-2015-5318 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins cross-site request forgery (CSRF) vulnerability Moderate
CVE-2025-27624 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 6, 2025
Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery High
CVE-2023-28676 was published for org.jenkins-ci.plugins:convert-to-pipeline (Maven) Apr 2, 2023
Cross-Site Request Forgery in Apache Wicket Moderate
CVE-2024-27439 was published for org.apache.wicket:wicket (Maven) Mar 19, 2024
CSRF vulnerability in Jenkins Azure Service Fabric Plugin Moderate
CVE-2025-24402 was published for org.jenkins-ci.plugins:service-fabric (Maven) Jan 22, 2025
Bitbucket Server Integration Plugin allows bypassing CSRF protection for any URL High
CVE-2025-24398 was published for io.jenkins.plugins:atlassian-bitbucket-server-integration (Maven) Jan 22, 2025
OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF) High
CVE-2024-47879 was published for org.openrefine:main (Maven) Oct 24, 2024
wetneb
Jenkins docker-build-step Plugin Cross-Site Request Forgery vulnerability Moderate
CVE-2024-2215 was published for org.jenkins-ci.plugins:docker-build-step (Maven) Mar 6, 2024
CSRF vulnerability and missing permission check in Jenkins JiraTestResultReporter Plugin High
CVE-2022-28136 was published for org.jenkins-ci.plugins:JiraTestResultReporter (Maven) Mar 30, 2022
NotMyFault