GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
256 advisories
Filter by severity
Information Disclosure in Guava
Low
CVE-2020-8908
was published
for
com.google.guava:guava
(Maven)
Mar 25, 2021
Signing DynamoDB Sets when using the AWS Database Encryption SDK.
Low
GHSA-72fp-w44g-625q
was published
for
software.amazon.cryptography:aws-database-encryption-sdk-dynamodb
(Maven)
Nov 9, 2023
RuoYi vulnerable to Cross-site Scripting
Low
CVE-2023-3815
was published
for
com.ruoyi:ruoyi
(Maven)
Jul 21, 2023
Jenkins temporary uploaded file created with insecure permissions
Low
CVE-2023-43497
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Sep 20, 2023
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
Low
CVE-2023-41329
was published
for
com.github.tomakehurst:wiremock-jre8
(Maven)
Sep 8, 2023
Cross-site Scripting in Mingsoft MCMS
Low
CVE-2023-3990
was published
for
net.mingsoft:ms-mcms
(Maven)
Jul 28, 2023
Apache Camel information exposure vulnerability
Low
CVE-2023-34442
was published
for
org.apache.camel:camel-jira
(Maven)
Jul 10, 2023
Graylog server has partial path traversal vulnerability in Support Bundle feature
Low
CVE-2023-41044
was published
for
org.graylog2:graylog2-server
(Maven)
Jul 6, 2023
Graylog vulnerable to insecure source port usage for DNS queries
Low
CVE-2023-41045
was published
for
org.graylog2:graylog2-server
(Maven)
Jul 6, 2023
Jetty vulnerable to errant command quoting in CGI Servlet
Low
CVE-2023-36479
was published
for
org.eclipse.jetty.ee10:jetty-ee10-servlets
(Maven)
Sep 14, 2023
Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies
Low
CVE-2023-26049
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Apr 18, 2023
Graylog user session is still usable after logout
Low
CVE-2023-41041
was published
for
org.graylog2:graylog2-server
(Maven)
Jul 6, 2023
Jenkins QMetry for JIRA Plugin shows plain text password in configuration form
Low
CVE-2019-16545
was published
for
org.jenkins-ci.plugins:qmetry-for-jira-test-management
(Maven)
May 24, 2022
Access token stored in plain text by Jenkins SMS Notification Plugin
Low
CVE-2020-2297
was published
for
com.hoiio.jenkins:sms
(Maven)
May 24, 2022
Password stored in plain text by Jenkins couchdb-statistics Plugin
Low
CVE-2020-2291
was published
for
org.jenkins-ci.plugins:couchdb-statistics
(Maven)
May 24, 2022
Credentials stored in plain text by Jenkins tfs Plugin
Low
CVE-2020-2249
was published
for
org.jenkins-ci.plugins:tfs
(Maven)
May 24, 2022
Jenkins Inedo BuildMaster Plugin showed plain text password in configuration form
Low
CVE-2019-10411
was published
for
com.inedo.proget:inedo-proget
(Maven)
May 24, 2022
Jenkins TestLink Plugin stores credentials in plain text
Low
CVE-2019-10378
was published
for
org.jenkins-ci.plugins:testlink
(Maven)
May 24, 2022
Password stored in plain text by Jenkins HP ALM Quality Center Plugin
Low
CVE-2020-2218
was published
for
org.jenkins-ci.plugins:hp-quality-center
(Maven)
May 24, 2022
Jenkins Zephyr for JIRA Test Management Plugin stores credentials in plain text
Low
CVE-2020-2154
was published
for
org.jenkins-ci.plugins:zephyr-for-jira-test-management
(Maven)
May 24, 2022
Passwords stored in plain text by Jenkins Artifactory Plugin
Low
CVE-2020-2164
was published
for
org.jenkins-ci.plugins:artifactory
(Maven)
May 24, 2022
Jenkins Aqua MicroScanner Plugin stored credentials in plain text
Low
CVE-2019-10316
was published
for
org.jenkins-ci.plugins:aqua-microscanner
(Maven)
May 24, 2022
Passwords transmitted in plain text by Jenkins Artifactory Plugin
Low
CVE-2020-2165
was published
for
org.jenkins-ci.plugins:artifactory
(Maven)
May 24, 2022
Jenkins Twitter Plugin stores credentials in plain text
Low
CVE-2019-10313
was published
for
org.jenkins-ci.plugins:twitter
(Maven)
May 24, 2022
Client secret transmitted in plain text by Azure AD Plugin
Low
CVE-2020-2119
was published
for
org.jenkins-ci.plugins:azure-ad
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API