GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,030
Erlang
29
GitHub Actions
17
Go
1,837
Maven
5,000+
npm
3,575
NuGet
634
pip
3,161
Pub
10
RubyGems
849
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+
257 advisories
Filter by severity
Insecure temporary file usage in Jenkins Git Client Plugin
Low
CVE-2017-1000242
was published
for
org.jenkins-ci.plugins:git-client
(Maven)
May 17, 2022
Client Secret stored in plain text by Jenkins GitLab Authentication Plugin
Low
CVE-2022-27206
was published
for
org.jenkins-ci.plugins:gitlab-oauth
(Maven)
Mar 16, 2022
Jenkins BigPanda Notifier Plugin stores BigPanda API key unencrypted
Low
CVE-2022-41247
was published
for
org.jenkins-ci.plugins:bigpanda-jenkins
(Maven)
Sep 22, 2022
Token stored in plain text by Jenkins Cisco Spark Plugin
Low
CVE-2022-34808
was published
for
org.jenkins-ci.plugins:cisco-spark
(Maven)
Jul 1, 2022
Jenkins BigPanda Notifier Plugin Missing Password Field Masking
Low
CVE-2022-41248
was published
for
org.jenkins-ci.plugins:bigpanda-jenkins
(Maven)
Sep 22, 2022
AWS secrets displayed without masking by Jenkins S3 Explorer Plugin
Low
CVE-2022-43426
was published
for
io.jenkins.plugins:s3explorer
(Maven)
Oct 19, 2022
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin
Low
CVE-2022-43412
was published
for
org.jenkins-ci.plugins:generic-webhook-trigger
(Maven)
Oct 19, 2022
Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19
Low
CVE-2021-33604
was published
for
com.vaadin:vaadin-bom
(Maven)
Jun 28, 2021
Cross-site Scripting in Wildfly
Low
CVE-2021-3536
was published
for
org.wildfly:wildfly-parent
(Maven)
May 25, 2021
SessionListener can prevent a session from being invalidated breaking logout
Low
CVE-2021-34428
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Jun 23, 2021
Cross-site scripting in Apache Syncome EndUser
Low
CVE-2019-17557
was published
for
org.apache.syncope.client:syncope-client-enduser
(Maven)
Jan 6, 2022
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11
Low
CVE-2018-25007
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Data Amplification in Play Framework
Low
CVE-2020-28923
was published
for
com.typesafe.play:play
(Maven)
Feb 9, 2022
Directory exposure in jetty
Low
CVE-2021-28163
was published
for
org.eclipse.jetty:jetty-deploy
(Maven)
Apr 6, 2021
It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro
Low
CVE-2021-21379
was published
for
org.xwiki.platform:xwiki-platform-rendering-wikimacro-store
(Maven)
Mar 23, 2021
Insecure temporary file used in com.squareup:connect
Low
CVE-2021-23331
was published
for
com.squareup:connect
(Maven)
Jun 16, 2021
Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory
Low
CVE-2021-21363
was published
for
io.swagger:swagger-codegen
(Maven)
Mar 11, 2021
Users with SCRIPT right can execute arbitrary code in XWiki
Low
CVE-2020-15171
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 10, 2020
Cross-site Scripting in Apache Struts
Low
CVE-2011-1772
was published
for
org.apache.struts:struts2-core
(Maven)
May 17, 2022
Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password
Low
CVE-2018-1000608
was published
for
org.jenkins-ci.plugins:zos-connector
(Maven)
May 13, 2022
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Ratpack
Low
CVE-2019-11808
was published
for
io.ratpack:ratpack-groovy
(Maven)
May 14, 2019
Local Information Disclosure Vulnerability
Low
CVE-2021-21331
was published
for
com.datadoghq:datadog-api-client
(Maven)
Mar 3, 2021
Spring Data REST can expose hidden entity attributes
Low
CVE-2022-31679
was published
for
org.springframework.data:spring-data-rest-core
(Maven)
Sep 22, 2022
Denial of Service via stack overflow
Low
CVE-2022-40154
was published
for
com.fasterxml.woodstox:woodstox-core
(Maven)
Sep 17, 2022
•
withdrawn
Denial of Service via stack overflow
Low
CVE-2022-40155
was published
for
com.fasterxml.woodstox:woodstox-core
(Maven)
Sep 17, 2022
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API