GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
260 advisories
Filter by severity
ActiveMQ's OpenWire protocol exposes certain system details as plain text
Low
CVE-2017-15709
was published
for
org.apache.activemq:activemq-openwire-generator
(Maven)
May 13, 2022
Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials
Low
CVE-2019-10398
was published
for
org.jenkins-ci.plugins:beaker-builder
(Maven)
May 24, 2022
Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration
Low
CVE-2020-2114
was published
for
org.jenkins-ci.plugins:s3
(Maven)
May 24, 2022
Client Spoofing within the Keycloak Device Authorisation Grant
Low
CVE-2023-2585
was published
for
org.keycloak:keycloak-server-spi-private
(Maven)
Jun 30, 2023
Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin
Low
CVE-2022-23106
was published
for
io.jenkins:configuration-as-code
(Maven)
Jan 21, 2022
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted
Low
CVE-2022-36901
was published
for
org.jenkins-ci.plugins:http_request
(Maven)
Jul 28, 2022
Incorrect Authorization in Jenkins Core
Low
CVE-2023-27903
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
Jenkins GitHub plugin uses weak webhook signature function
Low
CVE-2022-36885
was published
for
com.coravy.hudson.plugins.github:github
(Maven)
Jul 28, 2022
Information disclosure through error stack traces related to agents
Low
CVE-2023-27904
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
Non-constant time webhook token comparison in Jenkins GitLab Plugin
Low
CVE-2022-43411
was published
for
org.jenkins-ci.plugins:gitlab-plugin
(Maven)
Oct 19, 2022
Apache Tomcat Path Traversal Vulnerability
Low
CVE-2007-5461
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Information leak in Gerrit
Low
CVE-2020-8920
was published
for
com.google.gerrit:gerrit-plugin-api
(Maven)
May 24, 2022
OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled
Low
CVE-2011-4457
was published
for
com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
(Maven)
May 17, 2022
nvdApiKey is logged in debug mode
Low
GHSA-qqhq-8r2c-c3f5
was published
for
org.owasp:dependency-check-ant
(Maven)
Dec 15, 2023
CSRF vulnerability in Jenkins Frugal Testing Plugin
Low
CVE-2023-41946
was published
for
io.jenkins.plugins:frugal-testing
(Maven)
Sep 6, 2023
Potential leak of credentials in Micro Focus Dimensions CM Jenkins Plugin
Low
CVE-2023-32263
was published
for
org.jenkins-ci.plugins:dimensionsscm
(Maven)
Jul 19, 2023
CSRF vulnerability in Synopsys Jenkins Coverity Plugin
Low
CVE-2023-23847
was published
for
org.jenkins-ci.plugins:synopsys-coverity
(Maven)
Feb 15, 2023
Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin
Low
CVE-2024-23903
was published
for
io.jenkins.plugins:gitlab-branch-source
(Maven)
Jan 24, 2024
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
Low
CVE-2020-9488
was published
for
org.apache.logging.log4j:log4j
(Maven)
Jun 5, 2020
Apache Tomcat information disclosure vulnerability
Low
CVE-2008-4308
was published
for
org.apache.tomcat:tomcat
(Maven)
May 2, 2022
Spring Cloud Contract vulnerable to local information disclosure
Low
CVE-2024-22236
was published
for
org.springframework.cloud:spring-cloud-contract-shade
(Maven)
Jan 31, 2024
Apache Solr Schema Designer blindly "trusts" all configsets
Low
CVE-2023-50292
was published
for
org.apache.solr:solr-core
(Maven)
Feb 9, 2024
Apache Tomcat Default Installation Reveals Sensitive Information
Low
CVE-2002-2006
was published
for
org.apache.tomcat:tomcat
(Maven)
Apr 30, 2022
Cross-site scripting in Apache ActiveMQ
Low
CVE-2010-0684
was published
for
org.apache.activemq:activemq-parent
(Maven)
May 2, 2022
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
Low
CVE-2010-3718
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API