Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

3,078 advisories

Loading
Private key stored in plain text by Jenkins Google Compute Engine Plugin Moderate
CVE-2022-29052 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) Apr 13, 2022
NotMyFault Credited to NotMyFault
Stored XSS in Jenkins CVS Plugin Moderate
CVE-2022-29037 was published for org.jenkins-ci.plugins:cvs (Maven) Apr 13, 2022
westonsteimel Credited to westonsteimel
Cross-site Scripting in Jenkins Credentials Plugin Moderate
CVE-2022-29036 was published for org.jenkins-ci.plugins:credentials (Maven) Apr 13, 2022
Cross-site Scripting in OWASP AntiSamy Moderate
CVE-2022-28367 was published for org.owasp.antisamy:antisamy (Maven) Apr 23, 2022
Improper Input Validation in Mortbay Jetty Moderate
CVE-2006-2759 was published for org.mortbay.jetty:jetty (Maven) May 1, 2022
Server-Side Request Forgery in Jenkins Moderate
CVE-2018-1000067 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Cross-Site Request Forgery in Jenkins Moderate
CVE-2018-1000195 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Injection in Jenkins Moderate
CVE-2018-1000193 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Improper Neutralization of Input During Web Page Generation in Apache Hadoop Moderate
CVE-2017-3161 was published for org.apache.hadoop:hadoop-client (Maven) May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in zt-zip Moderate
CVE-2018-1002201 was published for org.zeroturnaround:zt-zip (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch Moderate
CVE-2018-17244 was published for org.elasticsearch:elasticsearch (Maven) May 13, 2022
Improper Authentication in Apache Kafka Moderate
CVE-2017-12610 was published for org.apache.kafka:kafka-clients (Maven) May 13, 2022
Cross-Site Request Forgery in Jenkins Moderate
CVE-2017-2613 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Moderate
CVE-2018-1000169 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Improper Access Control in Apache Derby Moderate
CVE-2018-1313 was published for org.apache.derby:derby (Maven) May 13, 2022
Integer Overflow or Wraparound in JBCrypt Moderate
CVE-2015-0886 was published for org.mindrot:jbcrypt (Maven) May 13, 2022
Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java Moderate
CVE-2014-3603 was published for edu.internet2.middleware:shibboleth-identityprovider (Maven) May 14, 2022
Improper Authentication in Apache Tomcat Moderate
CVE-2013-2067 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Mortbay Jetty vulnerable to Cross-site scripting Moderate
CVE-2007-5613 was published for org.mortbay.jetty:jetty (Maven) May 1, 2022
Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) Moderate
CVE-2008-1285 was published for com.sun.faces:jsf-api (Maven) May 1, 2022
Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch Moderate
CVE-2016-5725 was published for com.jcraft:jsch (Maven) May 13, 2022
Missing XML Validation in Apache CXF Moderate
CVE-2013-2160 was published for org.apache.cxf:cxf-rt-frontend-jaxrs (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop Moderate
CVE-2016-5001 was published for org.apache.hadoop:hadoop-common (Maven) May 13, 2022
Improper Neutralization of Input During Web Page Generation in Apache Axis2 Moderate
CVE-2010-2103 was published for org.apache.axis2.wso2:axis2 (Maven) May 14, 2022
Incorrect Authorization in Jenkins Moderate
CVE-2017-2599 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database