GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

143 advisories

OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF) High
CVE-2024-47879 was published for org.openrefine:main (Maven) Oct 24, 2024
wetneb
Selenium Server (Grid) CSRF High
CVE-2022-28108 was published for org.seleniumhq.selenium:selenium-grid (Maven) Apr 20, 2022
CSRF vulnerability and missing permission check in Jenkins JiraTestResultReporter Plugin High
CVE-2022-28136 was published for org.jenkins-ci.plugins:JiraTestResultReporter (Maven) Mar 30, 2022
NotMyFault
High severity vulnerability that affects io.vertx:vertx-web High
CVE-2018-12540 was published for io.vertx:vertx-web (Maven) Oct 17, 2018
MarkLee131
Cross-Site Request Forgery in Jenkins High
CVE-2020-2160 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault sunSUNQ
Cross-Site Request Forgery in Jenkins High
CVE-2017-1000504 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
sunSUNQ
Cloud Foundry Runtime Cross-Site Request Forgery vulnerability High
CVE-2015-5170 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cross-site request forgery vulnerability in Jenkins XL TestView Plugin High
CVE-2019-10386 was published for com.xebialabs.xlt.ci:xltestview-plugin (Maven) May 24, 2022
CSRF vulnerability in Jenkins Release plugin High
CVE-2018-1000013 was published for org.jenkins-ci.plugins:release (Maven) May 14, 2022
CSRF vulnerability in Jenkins Translation Assistance plugin High
CVE-2018-1000014 was published for org.jenkins-ci.plugins:translation (Maven) May 14, 2022
CSRF vulnerability in Jenkins Role-based Authorization Strategy Plugin configuration High
CVE-2017-1000090 was published for org.jenkins-ci.plugins:role-strategy (Maven) May 17, 2022
Sandbox Bypass via CSRF in Jenkins Warnings Plugin High
CVE-2019-1003007 was published for org.jvnet.hudson.plugins:warnings (Maven) May 13, 2022
Cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin High
CVE-2019-16560 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) May 24, 2022
Jenkins Slack Notification Plugin CSRF vulnerability and missing permission checks High
CVE-2019-1003044 was published for org.jenkins-ci.plugins:slack (Maven) May 13, 2022
Cross-Site Request Forgery in Jenkins Azure Credentials Plugin High
CVE-2023-25767 was published for org.jenkins-ci.plugins:azure-credentials (Maven) Feb 15, 2023
Jenkins Pipeline: Stage View Plugin allows CSRF protection bypass of any target URL in Jenkins High
CVE-2022-43408 was published for org.jenkins-ci.plugins.pipeline-stage-view:pipeline-stage-view (Maven) Oct 19, 2022
Cross-Site Request Forgery in Jenkins Mailer Plugin High
CVE-2018-8718 was published for org.jenkins-ci.plugins:mailer (Maven) May 14, 2022
Apache Struts CSRF Vulnerability High
CVE-2016-4430 was published for org.apache.struts.xwork:xwork-core (Maven) May 17, 2022
sunSUNQ
Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin High
CVE-2022-20619 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jan 13, 2022
NotMyFault westonsteimel
Jenkins Libvirt Slaves Plugin vulnerable to Cross-Site Request Forgery High
CVE-2019-10471 was published for org.jenkins-ci.plugins:libvirt-slave (Maven) May 24, 2022
Cross-Site Request Forgery in Apache CXF Fediz High
CVE-2017-7662 was published for org.apache.cxf.fediz:fediz-oidc (Maven) May 13, 2022
q5438722
CSRF vulnerability in Jenkins Libvirt Agents Plugin High
CVE-2021-21627 was published for org.jenkins-ci.plugins:libvirt-slave (Maven) May 24, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins High
CVE-2019-10384 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
CSRF vulnerability in Jenkins Configuration Slicing Plugin High
CVE-2021-21617 was published for org.jenkins-ci.plugins:configurationslicing (Maven) May 24, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Build Failure Analyzer Plugin High
CVE-2019-16553 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) May 24, 2022