GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,361 advisories
Filter by severity
Jenkins docker-build-step Plugin Cross-Site Request Forgery vulnerability
Moderate
CVE-2024-2215
was published
for
org.jenkins-ci.plugins:docker-build-step
(Maven)
Mar 6, 2024
Jenkins docker-build-step Plugin missing permission check
Moderate
CVE-2024-2216
was published
for
org.jenkins-ci.plugins:docker-build-step
(Maven)
Mar 6, 2024
Jenkins Delphix Plugin has improper SSL/TLS certificate validation
Moderate
CVE-2024-28162
was published
for
org.jenkins-ci.plugins:delphix
(Maven)
Mar 6, 2024
Jenkins Delphix Plugin has SSL/TLS certificate validation disabled by default
Moderate
CVE-2024-28161
was published
for
org.jenkins-ci.plugins:delphix
(Maven)
Mar 6, 2024
Jenkins Subversion Partial Release Manager Plugin vulnerable to Cross-Site Request Forgery
Moderate
CVE-2024-28158
was published
for
org.jenkins-ci.plugins:svn-partial-release-mgr
(Maven)
Mar 6, 2024
Jenkins AppSpider Plugin missing permission checks
Moderate
CVE-2024-28155
was published
for
com.rapid7:jenkinsci-appspider-plugin
(Maven)
Mar 6, 2024
Jenkins MQ Notifier Plugin exposes sensitive information in build logs
Moderate
CVE-2024-28154
was published
for
com.sonymobile.jenkins.plugins.mq:mq-notifier
(Maven)
Mar 6, 2024
Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests
Moderate
CVE-2024-28152
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Mar 6, 2024
Jenkins HTML Publisher Plugin Path traversal vulnerability
Moderate
CVE-2024-28151
was published
for
org.jenkins-ci.plugins:htmlpublisher
(Maven)
Mar 6, 2024
Apache Archiva Reflected Cross-site Scripting vulnerability
Moderate
CVE-2024-27140
was published
for
org.apache.archiva:archiva-common
(Maven)
Mar 1, 2024
Apache Ambari: Various Cross site scripting problems
Moderate
CVE-2023-50378
was published
for
org.apache.ambari:ambari
(Maven)
Mar 1, 2024
Apache Archiva Incorrect Authorization vulnerability
Moderate
CVE-2024-27139
was published
for
org.apache.archiva:archiva
(Maven)
Mar 1, 2024
Apache Archiva Incorrect Authorization vulnerability
Moderate
CVE-2024-27138
was published
for
org.apache.archiva:archiva
(Maven)
Mar 1, 2024
Apache Zeppelin vulnerable to cross-site scripting in the helium module
Moderate
CVE-2024-31868
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
Apache Struts XSS
Moderate
CVE-2012-1007
was published
for
org.apache.struts:struts-core
(Maven)
May 14, 2022
Quarkus: security checks in resteasy reactive may trigger a denial of service
Moderate
CVE-2024-1726
was published
for
io.quarkus.resteasy.reactive:resteasy-reactive
(Maven)
Apr 25, 2024
Keycloak Authorization Bypass vulnerability
Moderate
CVE-2023-6544
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Keycloak vulnerable to session hijacking via re-authentication
Moderate
CVE-2023-6787
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Apache Tomcat Incomplete Cleanup vulnerability
Moderate
CVE-2023-42795
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 10, 2023
Keycloak secondary factor bypass in step-up authentication
Moderate
CVE-2023-3597
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Apache Tomcat Improper Input Validation vulnerability
Moderate
CVE-2023-45648
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 10, 2023
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2024-21733
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 19, 2024
Keycloak users may be able to remove MFA from other users' devices
Moderate
CVE-2020-10686
was published
for
org.keycloak:keycloak-core
(Maven)
May 24, 2022
Keycloak Insufficient Session Expiry
Moderate
CVE-2020-1724
was published
for
org.keycloak:keycloak-core
(Maven)
May 24, 2022
Keycloak discloses information without authentication
Moderate
CVE-2020-27838
was published
for
org.keycloak:keycloak-core
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API