GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
260 advisories
Filter by severity
Exposure of Sensitive Information in Jenkins Datadog plugin
Low
CVE-2017-1000114
was published
for
org.datadog.jenkins.plugins:datadog
(Maven)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Low
CVE-2013-2071
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
Improper Authentication in Apache Hadoop
Low
CVE-2013-2192
was published
for
org.apache.hadoop:hadoop-common
(Maven)
May 17, 2022
Jenkins allows attackers to obtain sensitive information
Low
CVE-2014-2068
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Missing Cryptographic Step in OWASP Enterprise Security API for Java
Low
CVE-2013-5679
was published
for
org.owasp.esapi:esapi
(Maven)
May 17, 2022
Cross-site Scripting in Apache Struts
Low
CVE-2011-1772
was published
for
org.apache.struts:struts2-core
(Maven)
May 17, 2022
OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled
Low
CVE-2011-4457
was published
for
com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
(Maven)
May 17, 2022
Path traversal in Jenkins Mercurial Plugin
Low
CVE-2022-30948
was published
for
org.jenkins-ci.plugins:mercurial
(Maven)
May 18, 2022
Path traversal in Jenkins REPO Plugin
Low
CVE-2022-30949
was published
for
org.jenkins-ci.plugins:git
(Maven)
May 18, 2022
Jenkins Azure PublisherSettings Credentials Plugin stored credentials in plain text
Low
CVE-2019-10303
was published
for
org.jenkins-ci.plugins:azure-publishersettings-credentials
(Maven)
May 24, 2022
Jenkins Aqua MicroScanner Plugin stored credentials in plain text
Low
CVE-2019-10316
was published
for
org.jenkins-ci.plugins:aqua-microscanner
(Maven)
May 24, 2022
Jenkins Twitter Plugin stores credentials in plain text
Low
CVE-2019-10313
was published
for
org.jenkins-ci.plugins:twitter
(Maven)
May 24, 2022
Jenkins Azure AD Plugin stored the client secret unencrypted
Low
CVE-2019-10318
was published
for
org.jenkins-ci.plugins:azure-ad
(Maven)
May 24, 2022
Jenkins Maven Release Plug-in Plugin stored credentials in plain text
Low
CVE-2019-10361
was published
for
org.jenkins-ci.plugins.m2release:m2release
(Maven)
May 24, 2022
Jenkins TestLink Plugin stores credentials in plain text
Low
CVE-2019-10378
was published
for
org.jenkins-ci.plugins:testlink
(Maven)
May 24, 2022
Jenkins Aqua Security Serverless Scanner Plugin showed plain text password in job configuration form fields
Low
CVE-2019-10397
was published
for
org.jenkins-ci.plugins:aqua-serverless
(Maven)
May 24, 2022
Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials
Low
CVE-2019-10398
was published
for
org.jenkins-ci.plugins:beaker-builder
(Maven)
May 24, 2022
Use of a weak cryptographic algorithm in Gradle
Low
CVE-2019-16370
was published
for
org.gradle:gradle-core
(Maven)
May 24, 2022
Jenkins Inedo BuildMaster Plugin showed plain text password in configuration form
Low
CVE-2019-10411
was published
for
com.inedo.proget:inedo-proget
(Maven)
May 24, 2022
Jenkins Inedo ProGet Plugin Plugin has Cleartext Transmission of Sensitive Information
Low
CVE-2019-10412
was published
for
com.inedo.proget:inedo-proget
(Maven)
May 24, 2022
Jenkins Assembla Plugin has Insufficiently Protected Credentials
Low
CVE-2019-10420
was published
for
org.jenkins-ci.plugins:assembla
(Maven)
May 24, 2022
Jenkins vFabric Application Director Plugin Insufficiently Protected Credentials
Low
CVE-2019-10419
was published
for
org.jenkins-ci.plugins:application-director-plugin
(Maven)
May 24, 2022
Jenkins CodeScan Plugin has Insufficiently Protected Credentials
Low
CVE-2019-10423
was published
for
com.villagechief.codescan.jenkins:codescan
(Maven)
May 24, 2022
Jenkins elOyente Plugin has Insufficiently Protected Credentials
Low
CVE-2019-10424
was published
for
com.technicolor:elOyente
(Maven)
May 24, 2022
Jenkins LDAP Email Plugin shows plain text password in configuration form
Low
CVE-2019-10434
was published
for
com.mtvi.plateng.hudson:ldapemail
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API