Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

351 advisories

Loading
Jenkins Tag Profiler Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2023-33003 was published for org.jenkins-ci.plugins:tag-profiler (Maven) May 16, 2023
@builder.io/qwik-city Cross-Site Request Forgery vulnerability Moderate
CVE-2023-2307 was published for @builder.io/qwik-city (npm) Apr 26, 2023
CSRF token fixation in fastify-passport Moderate
CVE-2023-29020 was published for @fastify/passport (npm) Apr 21, 2023
pedromigueladao lavish
Bypass of CSRF protection in the presence of predictable userInfo Moderate
CVE-2023-27495 was published for @fastify/csrf-protection (npm) Apr 20, 2023
pedromigueladao lavish
Jenkins Lucene-Search Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2023-30529 was published for org.jenkins-ci.plugins:lucene-search (Maven) Apr 12, 2023
Jenkins Report Portal Plugin Cross-Site Request Forgery vulnerability Moderate
CVE-2023-30525 was published for org.jenkins-ci.plugins:reportportal (Maven) Apr 12, 2023
Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery Moderate
CVE-2023-28674 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery Moderate
CVE-2023-28671 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
OpenNMS Meridian and Horizon vulnerable to Cross-Site Request Forgery Moderate
CVE-2023-0870 was published for org.opennms:opennms-webapp (Maven) Mar 22, 2023
Possible CSRF token fixation Moderate
CVE-2023-25170 was published for prestashop/prestashop (Composer) Mar 13, 2023
apollo-portal has potential CSRF issue Moderate
CVE-2023-25569 was published for com.ctrip.framework.apollo:apollo (Maven) Feb 22, 2023
Cross-Site Request Forgery (CSRF) in wallabag/wallabag Moderate
CVE-2023-0735 was published for wallabag/wallabag (Composer) Feb 8, 2023
Cross-Site Request Forgery in XXL Job Moderate
CVE-2023-0674 was published for com.xuxueli:xxl-job (Maven) Feb 4, 2023
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2 Moderate
CVE-2023-25015 was published for clockwork_web (RubyGems) Feb 2, 2023
Cross-site request forgery vulnerability in Jenkins Bitbucket OAuth Plugin Moderate
CVE-2023-24428 was published for org.jenkins-ci.plugins:bitbucket-oauth (Maven) Jan 26, 2023
Cross-site request forgery in Jenkins Gerrit Trigger Plugin Moderate
CVE-2023-24423 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) Jan 26, 2023
Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin Moderate
CVE-2023-24437 was published for org.jenkins-ci.plugins:jira-steps (Maven) Jan 26, 2023
CSRF vulnerability in Jenkins Keycloak Authentication Plugin Moderate
CVE-2023-24457 was published for org.jenkins-ci.plugins:keycloak (Maven) Jan 26, 2023
magento-lts Reset Password not protected against well-timed CSRF Moderate
CVE-2021-21395 was published for openmage/magento-lts (Composer) Jan 26, 2023
Cross-Site Request Forgery in modoboa Moderate
CVE-2023-0438 was published for modoboa (pip) Jan 23, 2023
CakePHP has incorrect Cross-Site Request Forgery validation Moderate
GHSA-829q-v5g8-hhxc was published for cakephp/cakephp (Composer) Jan 20, 2023
Cross-Site Request Forgery in modoboa Moderate
CVE-2023-0406 was published for modoboa (pip) Jan 19, 2023
Modoboa is vulnerable to Cross-Site Request Forgery Moderate
CVE-2023-0398 was published for modoboa (pip) Jan 19, 2023
Froxlor vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-4867 was published for froxlor/froxlor (Composer) Dec 31, 2022
usememos/memos Cross-Site Request Forgery vulnerability Moderate
CVE-2022-4846 was published for github.com/usememos/memos (Go) Dec 29, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database