Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

141 advisories

Loading
High severity vulnerability that affects io.vertx:vertx-web High
CVE-2018-12540 was published for io.vertx:vertx-web (Maven) Oct 17, 2018
MarkLee131
Cross-Site Request Forgery in Jenkins High
CVE-2020-2160 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault sunSUNQ
Cross-Site Request Forgery in Jenkins High
CVE-2017-1000504 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
sunSUNQ
Cloud Foundry Runtime Cross-Site Request Forgery vulnerability High
CVE-2015-5170 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cross-site request forgery vulnerability in Jenkins XL TestView Plugin High
CVE-2019-10386 was published for com.xebialabs.xlt.ci:xltestview-plugin (Maven) May 24, 2022
CSRF vulnerability in Jenkins Release plugin High
CVE-2018-1000013 was published for org.jenkins-ci.plugins:release (Maven) May 14, 2022
CSRF vulnerability in Jenkins Translation Assistance plugin High
CVE-2018-1000014 was published for org.jenkins-ci.plugins:translation (Maven) May 14, 2022
CSRF vulnerability in Jenkins Role-based Authorization Strategy Plugin configuration High
CVE-2017-1000090 was published for org.jenkins-ci.plugins:role-strategy (Maven) May 17, 2022
Sandbox Bypass via CSRF in Jenkins Warnings Plugin High
CVE-2019-1003007 was published for org.jvnet.hudson.plugins:warnings (Maven) May 13, 2022
Cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin High
CVE-2019-16560 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) May 24, 2022
Jenkins Slack Notification Plugin CSRF vulnerability and missing permission checks High
CVE-2019-1003044 was published for org.jenkins-ci.plugins:slack (Maven) May 13, 2022
Cross-Site Request Forgery in Jenkins Azure Credentials Plugin High
CVE-2023-25767 was published for org.jenkins-ci.plugins:azure-credentials (Maven) Feb 15, 2023
Jenkins Pipeline: Stage View Plugin allows CSRF protection bypass of any target URL in Jenkins High
CVE-2022-43408 was published for org.jenkins-ci.plugins.pipeline-stage-view:pipeline-stage-view (Maven) Oct 19, 2022
Cross-Site Request Forgery in Jenkins Mailer Plugin High
CVE-2018-8718 was published for org.jenkins-ci.plugins:mailer (Maven) May 14, 2022
Apache Struts CSRF Vulnerability High
CVE-2016-4430 was published for org.apache.struts.xwork:xwork-core (Maven) May 17, 2022
sunSUNQ
Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin High
CVE-2022-20619 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jan 13, 2022
NotMyFault westonsteimel
Jenkins Libvirt Slaves Plugin vlnerable to Cross-Site Request Forgery High
CVE-2019-10471 was published for org.jenkins-ci.plugins:libvirt-slave (Maven) May 24, 2022
Cross-Site Request Forgery in Apache CXF Fediz High
CVE-2017-7662 was published for org.apache.cxf.fediz:fediz-oidc (Maven) May 13, 2022
q5438722
CSRF vulnerability in Jenkins Libvirt Agents Plugin High
CVE-2021-21627 was published for org.jenkins-ci.plugins:libvirt-slave (Maven) May 24, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins High
CVE-2019-10384 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
CSRF vulnerability in Jenkins Configuration Slicing Plugin High
CVE-2021-21617 was published for org.jenkins-ci.plugins:configurationslicing (Maven) May 24, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Build Failure Analyzer Plugin High
CVE-2019-16553 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) May 24, 2022
Cross-Site Request Forgery in Jenkins Gerrit Trigger Plugin High
CVE-2019-16551 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) May 24, 2022
Jenkins Docker Plugin contains Cross-Site Request Forgery High
CVE-2019-10340 was published for io.jenkins.docker:docker-plugin (Maven) May 24, 2022
CSRF vulnerability in Jenkins Build With Parameters Plugin High
CVE-2021-21629 was published for org.jenkins-ci.plugins:build-with-parameters (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API