GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

314 advisories

Cross-Site Request Forgery (CSRF) in snipe/snipe-it High
CVE-2023-5511 was published for snipe/snipe-it (Composer) Oct 11, 2023
Cross-Site Request Forgery (CSRF) in usememos/memos High
CVE-2023-5036 was published for github.com/usememos/memos (Go) Sep 18, 2023
XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action High
CVE-2023-40572 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Aug 23, 2023
Jenkins Folders Plugin cross-site request forgery vulnerability High
CVE-2023-40336 was published for org.jenkins-ci.plugins:cloudbees-folder (Maven) Aug 16, 2023
xuxueli xxl-job Cross-Site Request Forgery Vulnerability High
CVE-2020-24922 was published for com.xuxueli:xxl-job (Maven) Aug 11, 2023
wger Workout Manager Cross-Site Request Forgery vulnerability High
CVE-2023-38759 was published for wger (pip) Aug 8, 2023
Cockpit CMS Cross-Site Request Forgery vulnerability High
CVE-2023-37650 was published for cockpit-hq/cockpit (Composer) Jul 20, 2023
Jenkins Assembla Auth Plugin vulnerable to cross-site request forgery High
CVE-2023-37961 was published for org.jenkins-ci.plugins:assembla-auth (Maven) Jul 12, 2023
Jenkins Benchmark Evaluator Plugin vulnerable to cross-site request forgery High
CVE-2023-37962 was published for io.jenkins.plugins:benchmark-evaluator (Maven) Jul 12, 2023
Jenkins Sumologic Publisher Plugin vulnerable to cross-site request forgery High
CVE-2023-37958 was published for org.jenkins-ci.plugins:sumologic-publisher (Maven) Jul 12, 2023
Jenkins ElasticBox CI Plugin vulnerable to cross-site request forgery High
CVE-2023-37964 was published for org.jenkins-ci.plugins:elasticbox (Maven) Jul 12, 2023
Jenkins Pipeline restFul API Plugin vulnerable to Cross Site Request Forgery High
CVE-2023-37957 was published for io.jenkins.plugins:pipeline-restful-api (Maven) Jul 12, 2023
@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state High
CVE-2023-31999 was published for @fastify/oauth2 (npm) Jul 5, 2023
erezarnon panva
mcollina marco-ippolito
GilaCMS Cross Site Request Forgery vulnerability High
CVE-2020-20726 was published for gilacms/gila (Composer) Jun 20, 2023
Jenkins CSRF protection bypass vulnerability High
CVE-2023-35141 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 14, 2023
Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability High
CVE-2023-32991 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023
modoboa vulnerable to Cross-Site Request Forgery High
CVE-2023-2228 was published for modoboa (pip) Apr 21, 2023
SvelteKit framework has Insufficient CSRF protection for CORS requests High
CVE-2023-29008 was published for @sveltejs/kit (npm) Apr 7, 2023
Ry0taK benmccann
dominikg Conduitry
SvelteKit vulnerable to Cross-Site Request Forgery High
CVE-2023-29003 was published for @sveltejs/kit (npm) Apr 4, 2023
v1ktor0t benmccann
Conduitry eltigerchino dominikg
Phachon mm-wiki Cross Site Request Forgery vulnerability High
CVE-2020-19278 was published for github.com/phachon/mm-wiki (Go) Apr 4, 2023
Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery High
CVE-2023-28676 was published for org.jenkins-ci.plugins:convert-to-pipeline (Maven) Apr 2, 2023
Moodle vulnerable to Cross-site Request Forgery High
CVE-2023-28335 was published for moodle/moodle (Composer) Mar 23, 2023
Missing proper state, nonce and PKCE checks for OAuth authentication High
CVE-2023-27490 was published for next-auth (npm) Mar 13, 2023
FINDarkside
Froxlor Cross-Site Request Forgery vulnerability High
CVE-2023-1033 was published for froxlor/froxlor (Composer) Feb 25, 2023
Cross-Site Request Forgery in Jenkins Azure Credentials Plugin High
CVE-2023-25767 was published for org.jenkins-ci.plugins:azure-credentials (Maven) Feb 15, 2023
ProTip! Advisories are also available from the GraphQL API