GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
260 advisories
Graylog server has partial path traversal vulnerability in Support Bundle feature
Low
CVE-2023-41044
was published
for
org.graylog2:graylog2-server
(Maven)
Jul 6, 2023
Graylog vulnerable to insecure source port usage for DNS queries
Low
CVE-2023-41045
was published
for
org.graylog2:graylog2-server
(Maven)
Jul 6, 2023
Graylog user session is still usable after logout
Low
CVE-2023-41041
was published
for
org.graylog2:graylog2-server
(Maven)
Jul 6, 2023
Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies
Low
CVE-2023-26049
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Apr 18, 2023
Incorrect Authorization in Jenkins Core
Low
CVE-2023-27903
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
Information disclosure through error stack traces related to agents
Low
CVE-2023-27904
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions
Low
CVE-2023-0481
was published
for
io.quarkus.resteasy.reactive:resteasy-reactive-common
(Maven)
Feb 24, 2023
Temporary File Information Disclosure vulnerability in MPXJ
Low
CVE-2022-41954
was published
for
mpxj
(Maven)
Nov 28, 2022
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin
Low
CVE-2022-43412
was published
for
org.jenkins-ci.plugins:generic-webhook-trigger
(Maven)
Oct 19, 2022
Non-constant time webhook token comparison in Jenkins GitLab Plugin
Low
CVE-2022-43411
was published
for
org.jenkins-ci.plugins:gitlab-plugin
(Maven)
Oct 19, 2022
AWS secrets displayed without masking by Jenkins S3 Explorer Plugin
Low
CVE-2022-43426
was published
for
io.jenkins.plugins:s3explorer
(Maven)
Oct 19, 2022
Apache Tomcat Race Condition vulnerability
Low
CVE-2021-43980
was published
for
org.apache.tomcat:tomcat
(Maven)
Sep 29, 2022
Jenkins BigPanda Notifier Plugin stores BigPanda API key unencrypted
Low
CVE-2022-41247
was published
for
org.jenkins-ci.plugins:bigpanda-jenkins
(Maven)
Sep 22, 2022
Jenkins BigPanda Notifier Plugin Missing Password Field Masking
Low
CVE-2022-41248
was published
for
org.jenkins-ci.plugins:bigpanda-jenkins
(Maven)
Sep 22, 2022
API token stored in plain text by Jenkins CONS3RT Plugin
Low
CVE-2022-41255
was published
for
org.jenkins-ci.plugins:cons3rt
(Maven)
Sep 22, 2022
ProTip!
Advisories are also available from the
GraphQL API