Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

356 advisories

Loading
Liferay Portal Vulnerable to Cross-Site Request Forgery High
CVE-2025-43748 was published for com.liferay.portal:release.portal.bom (Maven) Aug 20, 2025
Liferay Portal CSRF Vulnerability via Endpoint Parameter Moderate
CVE-2025-43745 was published for com.liferay.portal:release.portal.bom (Maven) Aug 19, 2025
Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module High
CVE-2023-35030 was published for com.liferay.portal:release.dxp.bom (Maven) Jun 15, 2023
Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console Critical
CVE-2024-8980 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 22, 2024
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery in Terms of Use Page High
CVE-2021-29050 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Feb 21, 2024
Liferay Portal Layout Module and Liferay DXP Exposes the Cross-Site Request Forgery (CSRF) Token in URLs High
CVE-2021-33338 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Jenkins Cadence vManager Plugin Vulnerable to Cross-Site Request Forgery Moderate
CVE-2025-47886 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 14, 2025
CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step Plugin High
CVE-2022-43407 was published for org.jenkins-ci.plugins:pipeline-input-step (Maven) Oct 19, 2022
NotMyFault
Cross-Site Request Forgery in OpenNMS Horizon Moderate
CVE-2021-25930 was published for org.opennms:opennms (Maven) May 25, 2021
Cross-Site Request Forgery in OpenNMS Horizon High
CVE-2021-25931 was published for org.opennms:opennms (Maven) May 25, 2021
Cross-Site Request Forgery in Jenkins Cluster Statistics Plugin Moderate
CVE-2022-45398 was published for org.zeroturnaround:cluster-stats (Maven) Nov 16, 2022
NotMyFault
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor High
CVE-2024-26273 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 22, 2024
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor High
CVE-2024-26272 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 22, 2024
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget High
CVE-2024-26271 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 22, 2024
Apache Wicket vulnerable to CSRF attacks High
CVE-2016-6806 was published for org.apache.wicket:wicket-core (Maven) May 17, 2022
Apache Brooklyn is vulnerable to cross-site request forgery (CSRF) High
CVE-2016-8737 was published for org.apache.brooklyn:brooklyn-jsgui (Maven) May 17, 2022
Neo4J vulnerable to Cross-Site Request Forgery High
CVE-2013-7259 was published for org.neo4j:neo4j (Maven) May 17, 2022
Jenkins Simple Queue Plugin Cross-Site Request Forgery (CSRF) Moderate
CVE-2025-31723 was published for io.jenkins.plugins:simple-queue (Maven) Apr 2, 2025
Selenium Server (Grid) CSRF High
CVE-2022-28108 was published for org.seleniumhq.selenium:selenium-grid (Maven) Apr 20, 2022
jeffwidman
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack High
CVE-2015-7537 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack High
CVE-2015-7538 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack Low
CVE-2015-5318 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins cross-site request forgery (CSRF) vulnerability Moderate
CVE-2025-27624 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 6, 2025
Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery High
CVE-2023-28676 was published for org.jenkins-ci.plugins:convert-to-pipeline (Maven) Apr 2, 2023
Cross-Site Request Forgery in Apache Wicket Moderate
CVE-2024-27439 was published for org.apache.wicket:wicket (Maven) Mar 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database