Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

5,923 advisories

Loading
Jenkins Dead Man's Snitch Plugin vulnerability stores tokens in plain text Moderate
CVE-2025-53666 was published for org.jenkins-ci.plugins:deadmanssnitch (Maven) Jul 9, 2025
Jenkins Testsigma Test Plan vulnerability exposes API keys via job configuration form Low
CVE-2025-53661 was published for io.jenkins.plugins:testsigma (Maven) Jul 9, 2025
Jenkins Nouvola DiveCloud Plugin vulnerability stores unencrypted credentials Moderate
CVE-2025-53670 was published for org.jenkins-ci.plugins:nouvola-divecloud (Maven) Jul 9, 2025
Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens Moderate
CVE-2025-53665 was published for com.apica:ApicaLoadtest (Maven) Jul 9, 2025
Jenkins Nouvola DiveCloud Plugin vulnerability does not mask keys on its job configuration form Moderate
CVE-2025-53671 was published for org.jenkins-ci.plugins:nouvola-divecloud (Maven) Jul 9, 2025
Jenkins IBM Cloud DevOps Plugin vulnerability exposes SonarQube authentication tokens Moderate
CVE-2025-53663 was published for com.ibm.devops:ibm-cloud-devops (Maven) Jul 9, 2025
Jenkins ReadyAPI Functional Testing Plugin vulnerability exposes secrets Moderate
CVE-2025-53657 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) Jul 9, 2025
Jenkins Sensedia API Platform Plugin vulnerability exposes unencrypted tokens in its global configuration file Moderate
CVE-2025-53673 was published for org.jenkins-ci.plugins:sensedia-api-platform (Maven) Jul 9, 2025
Jenkins Sensedia API Platform Plugin vulnerability exposes unencrypted tokens Moderate
CVE-2025-53674 was published for org.jenkins-ci.plugins:sensedia-api-platform (Maven) Jul 9, 2025
Jenkins Applitools Eyes Plugin vulnerable to XSS through its Build page High
CVE-2025-53658 was published for org.jenkins-ci.plugins:applitools-eyes (Maven) Jul 9, 2025
Jenkins Statistics Gatherer Plugin vulnerability exposes AWS Secret Key Moderate
CVE-2025-53654 was published for org.jenkins.plugins.statistics.gatherer:statistics-gatherer (Maven) Jul 9, 2025
Jenkins Git Parameter Plugin vulnerable to code injection due to inexhaustive parameter check Moderate
CVE-2025-53652 was published for org.jenkins-ci.tools:git-parameter (Maven) Jul 9, 2025
Jenkins Aqua Security Scanner Plugin vulnerability exposes scanner tokens Moderate
CVE-2025-53653 was published for org.jenkins-ci.plugins:aqua-security-scanner (Maven) Jul 9, 2025
Jenkins HTML Publisher Plugin vulnerability displays controller file system information in its logs Moderate
CVE-2025-53651 was published for org.jenkins-ci.plugins:htmlpublisher (Maven) Jul 9, 2025
Jenkins Credentials Binding Plugin vulnerability can expose sensitive information in logger messages Moderate
CVE-2025-53650 was published for org.jenkins-ci.plugins:credentials-binding (Maven) Jul 9, 2025
Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint Moderate
CVE-2025-53602 was published for io.zipkin:zipkin-server (Maven) Jul 4, 2025
junit-platform-reporting can leak Git credentials through its OpenTestReportGeneratingListener Moderate
CVE-2025-53103 was published for org.junit.platform:junit-platform-reporting (Maven) Jul 1, 2025
ciscoo marcphilipp
Graylog vulnerable to privilege escalation through API tokens High
CVE-2025-53106 was published for org.graylog2:graylog2-server (Maven) Jun 30, 2025
thll
Conductor vulnerable to OS command injection through unrestricted access to Java classes Critical
CVE-2025-26074 was published for org.conductoross:conductor-core (Maven) Jun 30, 2025
Janssen Config API returns results without scope verification High
CVE-2025-53003 was published for io.jans:jans-config-api-server (Maven) Jun 30, 2025
akka-cluster-metrics uses Java serialization for cluster metrics Moderate
CVE-2025-53393 was published for com.typesafe.akka:akka-cluster-metrics_2.13 (Maven) Jun 29, 2025
Apache Seata Vulnerable to Deserialization of Untrusted Data Critical
CVE-2025-32897 was published for org.apache.seata:seata-config-core (Maven) Jun 28, 2025
oscerd
jackson-core can throw a StackoverflowError when processing deeply nested data High
CVE-2025-52999 was published for com.fasterxml.jackson.core:jackson-core (Maven) Jun 27, 2025
Infinispan CLI vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2025-5731 was published for org.infinispan:infinispan-cli-client (Maven) Jun 27, 2025
XXL SSO is vulnerable to an Open Redirect through malicious manipulation of the redirect_url argument Low
CVE-2025-6701 was published for com.xuxueli:xxl-sso (Maven) Jun 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database