GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
335 advisories
Filter by severity
High severity vulnerability that affects io.vertx:vertx-web
High
CVE-2018-12540
was published
for
io.vertx:vertx-web
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, and org.apache.cxf.fediz:fediz-spring2
Moderate
CVE-2017-7661
was published
for
org.apache.cxf.fediz:fediz-jetty8
(Maven)
Oct 18, 2018
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3
Moderate
CVE-2017-12631
was published
for
org.apache.cxf.fediz:fediz-spring
(Maven)
Oct 18, 2018
OrientDB-Server vulnerable to Cross-Site Request Forgery
High
CVE-2015-2912
was published
for
com.orientechnologies:orientdb-studio
(Maven)
Oct 18, 2018
Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons
High
CVE-2018-20595
was published
for
org.hswebframework.web:hsweb-commons
(Maven)
Jan 4, 2019
Improper Input Validation and Cross-Site Request Forgery in Keycloak
High
CVE-2019-10199
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 23, 2019
Cross-site scripting in Swagger-UI
Critical
CVE-2019-17495
was published
for
io.springfox:springfox-swagger-ui
(Maven)
Oct 15, 2019
CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux
Moderate
CVE-2020-5397
was published
for
org.springframework:spring-webflux
(Maven)
Jan 21, 2020
CSRF in Play Framework
Moderate
CVE-2020-12480
was published
for
com.typesafe.play:play_2.12
(Maven)
Aug 18, 2020
Cross-Site Request Forgery in Vert.x-Web framework
High
CVE-2020-35217
was published
for
io.vertx:vertx-web
(Maven)
Apr 22, 2021
Cross-Site Request Forgery in OpenNMS Horizon
Moderate
CVE-2021-25930
was published
for
org.opennms:opennms
(Maven)
May 25, 2021
Cross-Site Request Forgery in OpenNMS Horizon
High
CVE-2021-25931
was published
for
org.opennms:opennms
(Maven)
May 25, 2021
CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin allows capturing credentials
High
CVE-2021-21652
was published
for
org.jenkins-ci.plugins:xray-connector
(Maven)
Jun 16, 2021
Cross-Site Request Forgery in the Jenkins Claim plugin
Moderate
CVE-2021-21620
was published
for
org.jenkins-ci.plugins:claim
(Maven)
Jun 16, 2021
Cryptographically weak CSRF tokens in Apache MyFaces
High
CVE-2021-26296
was published
for
org.apache.myfaces.core:myfaces-core-module
(Maven)
Jun 16, 2021
No CSRF protection on the password change form
Moderate
CVE-2021-32730
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Jul 2, 2021
Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server
High
CVE-2021-39133
was published
for
org.rundeck:rundeck-core
(Maven)
Sep 1, 2021
Request injection in Spring Cloud Gateway
Moderate
CVE-2021-22051
was published
for
org.springframework.cloud:spring-cloud-gateway
(Maven)
Nov 10, 2021
Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12
High
CVE-2020-28452
was published
for
com.softwaremill.akka-http-session:core_2.12
(Maven)
Jan 6, 2022
CSRF vulnerability in Jenkins batch task Plugin
Moderate
CVE-2022-23115
was published
for
org.jenkins-ci.plugins:batch-task
(Maven)
Jan 13, 2022
CSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin
Moderate
CVE-2022-23111
was published
for
org.jenkins-ci.plugins:publish-over-ssh
(Maven)
Jan 13, 2022
Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin
High
CVE-2022-20619
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jan 13, 2022
Cross-Site Request Forgery in Jenkins Mailer Plugin
Moderate
CVE-2022-20613
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
Jan 13, 2022
Cross-Site Request Forgery in Jenkins
Moderate
CVE-2022-20612
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jan 21, 2022
Cross-Site Request Forgery
Moderate
CVE-2020-7780
was published
for
com.softwaremill.akka-http-session:core_2.11
(Maven)
Feb 9, 2022
ProTip!
Advisories are also available from the
GraphQL API