Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

265 advisories

Loading
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat Low
CVE-2013-2071 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Improper Authentication in Apache Hadoop Low
CVE-2013-2192 was published for org.apache.hadoop:hadoop-common (Maven) May 17, 2022
Path Traversal in XWiki Platform Low
CVE-2022-29253 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 1, 2022
Apache Tika contains incomplete fix for regex DoS Low
CVE-2022-33879 was published for org.apache.tika:tika (Maven) Jun 28, 2022
Jenkins LDAP Email Plugin shows plain text password in configuration form Low
CVE-2019-10434 was published for com.mtvi.plateng.hudson:ldapemail (Maven) May 24, 2022
Path traversal in Jenkins Mercurial Plugin Low
CVE-2022-30948 was published for org.jenkins-ci.plugins:mercurial (Maven) May 18, 2022
NotMyFault
Jenkins GitHub Pull Request Builder Plugin Low
CVE-2018-1000143 was published for org.jenkins-ci.plugins:ghprb (Maven) May 14, 2022
Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users Low
CVE-2018-1000150 was published for org.jenkins-ci.plugins:reverse-proxy-auth-plugin (Maven) May 14, 2022
Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin Low
CVE-2020-2210 was published for org.jenkins-ci.plugins:StashBranchParameter (Maven) May 24, 2022
NotMyFault
Credentials transmitted in plain text by Jenkins DeployHub Plugin Low
CVE-2020-2156 was published for com.openmake:deployhub (Maven) May 24, 2022
NotMyFault
Credentials transmitted in plain text by Skytap Cloud CI Plugin Low
CVE-2020-2157 was published for org.jenkins-ci.plugins:skytap (Maven) May 24, 2022
NotMyFault
JBossWS vulnerable to uncontrolled recursion Low
CVE-2011-1483 was published for org.jboss.ws:jbossws-common (Maven) May 13, 2022
Nimbus JOSE+JWT vulnerable to padding oracle attack Low
CVE-2017-12973 was published for com.nimbusds:nimbus-jose-jwt (Maven) May 13, 2022
hutool-json vulnerable to memory exhaustion Low
CVE-2022-45689 was published for cn.hutool:hutool-json (Maven) Dec 13, 2022
Potential sensitive data exposure in applications using Vaadin 15 Low
CVE-2020-36319 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
knoobie
Jetty invalid URI parsing may produce invalid HttpURI.authority Low
CVE-2022-2047 was published for org.eclipse.jetty:jetty-http (Maven) Jul 7, 2022
rafax00
Privilege Context Switching Error in Elasticsearch Low
CVE-2020-7020 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
OIDC Logout redirect in keycloak Low
CVE-2020-10734 was published for org.keycloak:keycloak-oidc-client-adapter-pom (Maven) Apr 28, 2022
sonOfRa
Exposure of Sensitive Information in Jenkins Datadog plugin Low
CVE-2017-1000114 was published for org.datadog.jenkins.plugins:datadog (Maven) May 17, 2022
Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin Low
CVE-2019-10450 was published for com.elasticbox.jenkins-ci.plugins:elasticbox (Maven) May 24, 2022
Jenkins Quality Gates Plugin transmits credentials in plain text during configuration Low
CVE-2020-2151 was published for org.jenkins-ci.plugins:quality-gates (Maven) May 24, 2022
NotMyFault
Use of a weak cryptographic algorithm in Gradle Low
CVE-2019-16370 was published for org.gradle:gradle-core (Maven) May 24, 2022
Plaintext Storage in Jenkins Spira Importer Plugin Low
CVE-2019-16543 was published for com.inflectra.spiratest.plugins:inflectra-spira-integration (Maven) May 24, 2022
Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration Low
CVE-2020-2150 was published for org.jenkins-ci.plugins:sonar-quality-gates (Maven) May 24, 2022
NotMyFault
Credentials transmitted in plain text by Repository Connector Plugin Low
CVE-2020-2149 was published for org.jenkins-ci.plugins:repository-connector (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database