GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
143 advisories
Cross-Site Request Forgery in Jenkins
High | CVE-2017-1000356 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 14, 2022
Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability
High | CVE-2018-1000153 was published for org.jenkins-ci.plugins:vsphere-cloud (Maven) | May 14, 2022
Apache Tomcat allows remote attackers to bypass a CSRF protection mechanism by using a token
High | CVE-2015-5351 was published for org.apache.tomcat:tomcat (Maven) | May 14, 2022
Mingsoft MCMS CSRF vulnerability
High | CVE-2018-17366 was published for net.mingsoft:ms-mcms (Maven) | May 14, 2022
CSRF vulnerability in Config File Provider Plugin
High | CVE-2018-1000414 was published for org.jenkins-ci.plugins:config-file-provider (Maven) | May 14, 2022
CSRF vulnerability in Email Extension Template Plugin
High | CVE-2018-1000417 was published for org.jenkins-ci.plugins:email-ext (Maven) | May 14, 2022
Cross-Site Request Forgery in Jenkins Mailer Plugin
High | CVE-2018-8718 was published for org.jenkins-ci.plugins:mailer (Maven) | May 14, 2022
Apache Archiva vulnerable to Cross Site Request Forgery
High | CVE-2017-5657 was published for org.apache.archiva:archiva (Maven) | May 14, 2022
Cross-Site Request Forgery in Jenkins
High | CVE-2017-1000504 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 14, 2022
Jenkins Favorite Plugin vulnerable to Cross-Site Request Forgery
High | CVE-2017-1000244 was published for org.jvnet.hudson.plugins:favorite (Maven) | May 14, 2022
Cross-Site Request Forgery in hawtio
High | CVE-2017-7556 was published for io.hawt:project (Maven) | May 13, 2022
Jenkins Warnings Next Generation Plugin cross-site request forgery vulnerability
High | CVE-2019-1003008 was published for io.jenkins.plugins:warnings-ng (Maven) | May 13, 2022
Sandbox Bypass via CSRF in Jenkins Warnings Plugin
High | CVE-2019-1003007 was published for org.jvnet.hudson.plugins:warnings (Maven) | May 13, 2022
Jenkins Slack Notification Plugin CSRF vulnerability and missing permission checks
High | CVE-2019-1003044 was published for org.jenkins-ci.plugins:slack (Maven) | May 13, 2022
springframework-social Cross-Site Request Forgery vulnerability
High | CVE-2015-5258 was published for org.springframework.social:spring-social-core (Maven) | May 13, 2022
Cross-Site Request Forgery in Apache CXF Fediz
High | CVE-2017-7662 was published for org.apache.cxf.fediz:fediz-oidc (Maven) | May 13, 2022
Cloud Foundry Runtime Cross-Site Request Forgery vulnerability
High | CVE-2015-5170 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) | May 13, 2022
Cross Site Request Forgery in Mingsoft MCMS
High | CVE-2022-27340 was published for net.mingsoft:ms-mcms (Maven) | Apr 23, 2022
Selenium Server (Grid) CSRF
High | CVE-2022-28108 was published for org.seleniumhq.selenium:selenium-grid (Maven) | Apr 20, 2022
CSRF vulnerability in Jenkins Publish Over FTP Plugin
High | CVE-2022-29050 was published for org.jenkins-ci.plugins:publish-over-ftp (Maven) | Apr 13, 2022
CSRF vulnerability and missing permission check in Jenkins JiraTestResultReporter Plugin
High | CVE-2022-28136 was published for org.jenkins-ci.plugins:JiraTestResultReporter (Maven) | Mar 30, 2022
Cross site request forgery in Jenkins Job and Node ownership Plugin
High | CVE-2022-28150 was published for com.synopsys.jenkinsci:ownership (Maven) | Mar 30, 2022
Cross-Site Request Forgery in Jenkins P4 Plugin
High | CVE-2021-21655 was published for org.jenkins-ci.plugins:p4 (Maven) | Mar 18, 2022
CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin
High | CVE-2022-27198 was published for org.jenkins-ci.plugins:aws-credentials (Maven) | Mar 16, 2022
CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials
High | CVE-2022-27210 was published for org.jenkins-ci.plugins:kubernetes-cd (Maven) | Mar 16, 2022