Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

324 advisories

Loading
Missing Cryptographic Step in OWASP Enterprise Security API for Java Low
CVE-2013-5679 was published for org.owasp.esapi:esapi (Maven) May 17, 2022
MarkLee131
Jenkins allows Cross-Site Scripting (XSS) Low
CVE-2011-4344 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins allows attackers to obtain sensitive information Low
CVE-2014-2068 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins allows Cross-Site Scripting (XSS) Low
CVE-2015-1813 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins Vulnerable to Denial of Service (DoS) Low
CVE-2015-1808 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins Build Failure Analyzer Plugin allows Cross-Site Scripting (XSS) Low
CVE-2013-6374 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) May 17, 2022
Improper Authentication in Apache Hadoop Low
CVE-2013-2192 was published for org.apache.hadoop:hadoop-common (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat Low
CVE-2013-2071 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Jenkins allows Cross-Site Scripting (XSS) in User Configuration Low
CVE-2013-5573 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Exposure of Sensitive Information in Jenkins Datadog plugin Low
CVE-2017-1000114 was published for org.datadog.jenkins.plugins:datadog (Maven) May 17, 2022
Insecure temporary file usage in Jenkins Git Client Plugin Low
CVE-2017-1000242 was published for org.jenkins-ci.plugins:git-client (Maven) May 17, 2022
Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users Low
CVE-2018-1000150 was published for org.jenkins-ci.plugins:reverse-proxy-auth-plugin (Maven) May 14, 2022
Jenkins GitHub Pull Request Builder Plugin Low
CVE-2018-1000143 was published for org.jenkins-ci.plugins:ghprb (Maven) May 14, 2022
Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability Low
CVE-2018-1000186 was published for org.jenkins-ci.plugins:ghprb (Maven) May 14, 2022
binary-1024
Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key Low
CVE-2018-1999031 was published for org.jenkins-ci.plugins:meliora-testlab (Maven) May 14, 2022
Alkacon OpenCMS XSS via homelink, workplaceresource, mode and query parameters Low
CVE-2015-2351 was published for org.opencms:opencms-core (Maven) May 14, 2022
Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource Low
CVE-2018-1999037 was published for org.jenkins-ci.plugins:resource-disposer (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in JBoss Fuse Low
CVE-2014-0085 was published for org.jboss.fuse:jboss-fuse (Maven) May 14, 2022
Jenkins allows Cross-Site Scripting (XSS) Low
CVE-2012-6074 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Jenkins affected by Open Redirect Vulnerability Low
CVE-2012-6073 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat Low
CVE-2010-3718 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
oliverchang sunSUNQ
Improper Input Validation in Jenkins Low
CVE-2017-1000401 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log Low
CVE-2018-1999036 was published for org.jenkins-ci.plugins:ssh-agent (Maven) May 13, 2022
Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password Low
CVE-2018-1000608 was published for org.jenkins-ci.plugins:zos-connector (Maven) May 13, 2022
Jenkins Coverity Plugin has Insufficiently Protected Credentials Low
CVE-2018-1000104 was published for org.jenkins-ci.plugins:coverity (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database