Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

332 advisories

BlazeMeter Jenkins plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-3825 was published for com.blazemeter.plugins:BlazeMeterJenkinsPlugin (Maven) Apr 17, 2024
XWiki Platform CSRF remote code execution through the realtime HTML Converter API Critical
CVE-2024-31988 was published for org.xwiki.platform:xwiki-platform-realtime-ui (Maven) Apr 10, 2024
XWiki Platform CSRF remote code execution through scheduler job's document reference Critical
CVE-2024-31986 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Apr 10, 2024
XWiki Platform CSRF in the job scheduler Moderate
CVE-2024-31985 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Apr 10, 2024
Apache Zeppelin CSRF vulnerability in the Credentials page Moderate
CVE-2021-28656 was published for org.apache.zeppelin:zeppelin-web (Maven) Apr 9, 2024
Cross-Site Request Forgery in Apache Wicket Moderate
CVE-2024-27439 was published for org.apache.wicket:wicket (Maven) Mar 19, 2024
Jenkins docker-build-step Plugin Cross-Site Request Forgery vulnerability Moderate
CVE-2024-2215 was published for org.jenkins-ci.plugins:docker-build-step (Maven) Mar 6, 2024
Jenkins Subversion Partial Release Manager Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-28158 was published for org.jenkins-ci.plugins:svn-partial-release-mgr (Maven) Mar 6, 2024
CSRF vulnerability in Jenkins GitLab Branch Source Plugin Moderate
CVE-2024-23902 was published for io.jenkins.plugins:gitlab-branch-source (Maven) Jan 24, 2024
XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass Critical
CVE-2023-50722 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Dec 16, 2023
Cross-site request forgery vulnerability in Jenkins Deployment Dashboard Plugin Moderate
CVE-2023-50775 was published for org.jenkins-ci.plugins:ec2-deployment-dashboard (Maven) Dec 13, 2023
Cross-Site Request Forgery in Jenkins PaaSLane Estimate Plugin Moderate
CVE-2023-50778 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) Dec 13, 2023
Cross-site request forgery vulnerability in Jenkins HTMLResource Plugin High
CVE-2023-50774 was published for org.jenkins-ci.plugins:htmlresource (Maven) Dec 13, 2023
Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability High
CVE-2023-50766 was published for org.sonatype.nexus.ci:nexus-jenkins-plugin (Maven) Dec 13, 2023
Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability Moderate
CVE-2023-50768 was published for org.sonatype.nexus.ci:nexus-jenkins-plugin (Maven) Dec 13, 2023
Cross Site Request Forgery in Silverpeas High
CVE-2023-47322 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
Cross Site Request Forgery in Silverpeas High
CVE-2023-47326 was published for org.silverpeas.core:silverpeas-core (Maven) Dec 13, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/category/save High
CVE-2023-49396 was published for com.jfinal:jfinal (Maven) Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/category/updateStatus High
CVE-2023-49397 was published for com.jfinal:jfinal (Maven) Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/category/update High
CVE-2023-49395 was published for com.jfinal:jfinal (Maven) Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/div/update High
CVE-2023-49381 was published for com.jfinal:jfinal (Maven) Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/tag/save High
CVE-2023-49383 was published for com.jfinal:jfinal (Maven) Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via admin/nav/delete High
CVE-2023-49448 was published for com.jfinal:jfinal (Maven) Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/div/delete High
CVE-2023-49382 was published for com.jfinal:jfinal (Maven) Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/nav/save High
CVE-2023-49446 was published for com.jfinal:jfinal (Maven) Dec 5, 2023
ProTip! Advisories are also available from the GraphQL API