GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
49 advisories
Filter by severity
Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability
Moderate
CVE-2024-28168
was published
for
org.apache.xmlgraphics:fop-core
(Maven)
Oct 9, 2024
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
Moderate
CVE-2024-24549
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Mar 13, 2024
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat
Moderate
CVE-2024-23672
was published
for
org.apache.tomcat.embed:tomcat-embed-websocket
(Maven)
Mar 13, 2024
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2024-21733
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 19, 2024
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin
Moderate
CVE-2023-50770
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Dec 13, 2023
Open redirect vulnerability in Jenkins OpenId Connect Authentication Plugin
Moderate
CVE-2023-50771
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Dec 13, 2023
HTTP/2 Stream Cancellation Attack
Moderate
CVE-2023-44487
was published
for
com.typesafe.akka:akka-http-core
(Go)
Oct 10, 2023
Denial of service in Jenkins Core
Moderate
CVE-2023-27900
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
Incorrect Permission Preservation in Jenkins Core
Moderate
CVE-2023-27902
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds
Moderate
CVE-2021-21647
was published
for
org.jenkins-ci.plugins:electricflow
(Maven)
May 24, 2022
Missing authorization in Jenkins Kubernetes Plugin
Moderate
CVE-2020-2309
was published
for
org.csanchez.jenkins.plugins:kubernetes
(Maven)
May 24, 2022
Missing Authorization in Jenkins Kubernetes Plugin
Moderate
CVE-2020-2308
was published
for
org.csanchez.jenkins.plugins:kubernetes
(Maven)
May 24, 2022
Missing Authorization in Jenkins Mercurial Plugin
Moderate
CVE-2020-2306
was published
for
org.jenkins-ci.plugins:mercurial
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Mercurial Plugin
Moderate
CVE-2020-2305
was published
for
org.jenkins-ci.plugins:mercurial
(Maven)
May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin
Moderate
CVE-2020-2307
was published
for
org.csanchez.jenkins.plugins:kubernetes
(Maven)
May 24, 2022
Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin
Moderate
CVE-2020-2252
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
May 24, 2022
Improper privilege management in elasticsearch
Moderate
CVE-2020-7019
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
Subversion Plugin stored XSS vulnerability
Moderate
CVE-2020-2111
was published
for
org.jenkins-ci.plugins:subversion
(Maven)
May 24, 2022
URLTrigger Plugin server-side request forgery vulnerability
Moderate
CVE-2018-1000606
was published
for
org.jenkins-ci.plugins:urltrigger
(Maven)
May 14, 2022
Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security
Moderate
CVE-2010-3700
was published
for
org.acegisecurity:acegi-security
(Maven)
May 14, 2022
Exposure of sensitive information in Anchore Container Image Scanner Jenkins Plugin
Moderate
CVE-2018-1999033
was published
for
org.jenkins-ci.plugins:anchore-container-scanner
(Maven)
May 13, 2022
Apache Geronimo Application Server CSRF vulnerabilities
Moderate
CVE-2009-0039
was published
for
org.apache.geronimo.plugins:console
(Maven)
May 2, 2022
Apache Geronimo console 1.0 vulnerable to cross-site scripting
Moderate
CVE-2006-0254
was published
for
geronimo:geronimo-console-standard
(Maven)
May 1, 2022
Stored XSS in Jenkins CVS Plugin
Moderate
CVE-2022-29037
was published
for
org.jenkins-ci.plugins:cvs
(Maven)
Apr 13, 2022
Stored XSS vulnerability in Jenkins Git Parameter Plugin
Moderate
CVE-2022-29040
was published
for
org.jenkins-ci.tools:git-parameter
(Maven)
Apr 13, 2022
ProTip!
Advisories are also available from the
GraphQL API