GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
335 advisories
Filter by severity
OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)
High
CVE-2024-47879
was published
for
org.openrefine:main
(Maven)
Oct 24, 2024
BlazeMeter Jenkins plugin vulnerable to Cross-Site Request Forgery
Moderate
CVE-2024-3825
was published
for
com.blazemeter.plugins:BlazeMeterJenkinsPlugin
(Maven)
Apr 17, 2024
XWiki Platform CSRF remote code execution through the realtime HTML Converter API
Critical
CVE-2024-31988
was published
for
org.xwiki.platform:xwiki-platform-realtime-ui
(Maven)
Apr 10, 2024
XWiki Platform CSRF remote code execution through scheduler job's document reference
Critical
CVE-2024-31986
was published
for
org.xwiki.platform:xwiki-platform-scheduler-ui
(Maven)
Apr 10, 2024
XWiki Platform CSRF in the job scheduler
Moderate
CVE-2024-31985
was published
for
org.xwiki.platform:xwiki-platform-scheduler-ui
(Maven)
Apr 10, 2024
Apache Zeppelin CSRF vulnerability in the Credentials page
Moderate
CVE-2021-28656
was published
for
org.apache.zeppelin:zeppelin-web
(Maven)
Apr 9, 2024
Cross-Site Request Forgery in Apache Wicket
Moderate
CVE-2024-27439
was published
for
org.apache.wicket:wicket
(Maven)
Mar 19, 2024
Jenkins docker-build-step Plugin Cross-Site Request Forgery vulnerability
Moderate
CVE-2024-2215
was published
for
org.jenkins-ci.plugins:docker-build-step
(Maven)
Mar 6, 2024
Jenkins Subversion Partial Release Manager Plugin vulnerable to Cross-Site Request Forgery
Moderate
CVE-2024-28158
was published
for
org.jenkins-ci.plugins:svn-partial-release-mgr
(Maven)
Mar 6, 2024
CSRF vulnerability in Jenkins GitLab Branch Source Plugin
Moderate
CVE-2024-23902
was published
for
io.jenkins.plugins:gitlab-branch-source
(Maven)
Jan 24, 2024
XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass
Critical
CVE-2023-50722
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Dec 16, 2023
Cross-site request forgery vulnerability in Jenkins Deployment Dashboard Plugin
Moderate
CVE-2023-50775
was published
for
org.jenkins-ci.plugins:ec2-deployment-dashboard
(Maven)
Dec 13, 2023
Cross-site request forgery vulnerability in Jenkins HTMLResource Plugin
High
CVE-2023-50774
was published
for
org.jenkins-ci.plugins:htmlresource
(Maven)
Dec 13, 2023
Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability
High
CVE-2023-50766
was published
for
org.sonatype.nexus.ci:nexus-jenkins-plugin
(Maven)
Dec 13, 2023
Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability
Moderate
CVE-2023-50768
was published
for
org.sonatype.nexus.ci:nexus-jenkins-plugin
(Maven)
Dec 13, 2023
Cross-Site Request Forgery in Jenkins PaaSLane Estimate Plugin
Moderate
CVE-2023-50778
was published
for
com.cloudtp.jenkins:paaslane-estimate
(Maven)
Dec 13, 2023
Cross Site Request Forgery in Silverpeas
High
CVE-2023-47322
was published
for
org.silverpeas.core:silverpeas-core-web
(Maven)
Dec 13, 2023
Cross Site Request Forgery in Silverpeas
High
CVE-2023-47326
was published
for
org.silverpeas.core:silverpeas-core
(Maven)
Dec 13, 2023
Cross-Site Request Forgery in JFinalCMS via admin/nav/delete
High
CVE-2023-49448
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/nav/update
High
CVE-2023-49447
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/category/save
High
CVE-2023-49396
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/nav/save
High
CVE-2023-49446
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/category/delete
High
CVE-2023-49398
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/div/delete
High
CVE-2023-49382
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/category/update
High
CVE-2023-49395
was published
for
com.jfinal:jfinal
(Maven)
Dec 5, 2023
ProTip!
Advisories are also available from the
GraphQL API