Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,946
Erlang
29
GitHub Actions
16
Go
1,734
Maven
4,963
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
779
Swift
34
Unreviewed advisories
All unreviewed
5,000+

251 advisories

Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource Low
CVE-2018-1999037 was published for org.jenkins-ci.plugins:resource-disposer (Maven) May 14, 2022
CSRF vulnerability in Amazon EC2 Plugin Low
CVE-2020-2186 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
NotMyFault
ActiveMQ's OpenWire protocol exposes certain system details as plain text Low
CVE-2017-15709 was published for org.apache.activemq:activemq-openwire-generator (Maven) May 13, 2022
sunSUNQ
Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials Low
CVE-2019-10398 was published for org.jenkins-ci.plugins:beaker-builder (Maven) May 24, 2022
Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration Low
CVE-2020-2114 was published for org.jenkins-ci.plugins:s3 (Maven) May 24, 2022
NotMyFault
Client Spoofing within the Keycloak Device Authorisation Grant Low
CVE-2023-2585 was published for org.keycloak:keycloak-server-spi-private (Maven) Jun 30, 2023
Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin Low
CVE-2022-23106 was published for io.jenkins:configuration-as-code (Maven) Jan 21, 2022
NotMyFault westonsteimel
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted Low
CVE-2022-36901 was published for org.jenkins-ci.plugins:http_request (Maven) Jul 28, 2022
NotMyFault
Incorrect Authorization in Jenkins Core Low
CVE-2023-27903 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel
Jenkins GitHub plugin uses weak webhook signature function Low
CVE-2022-36885 was published for com.coravy.hudson.plugins.github:github (Maven) Jul 28, 2022
westonsteimel NotMyFault
Information disclosure through error stack traces related to agents Low
CVE-2023-27904 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel
Non-constant time webhook token comparison in Jenkins GitLab Plugin Low
CVE-2022-43411 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Oct 19, 2022
NotMyFault
Apache Tomcat Path Traversal Vulnerability Low
CVE-2007-5461 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Information leak in Gerrit Low
CVE-2020-8920 was published for com.google.gerrit:gerrit-plugin-api (Maven) May 24, 2022
q5438722
OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled Low
CVE-2011-4457 was published for com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (Maven) May 17, 2022
Jetty's OpenId Revoked authentication allows one request Low
CVE-2023-41900 was published for org.eclipse.jetty:jetty-openid (Maven) Sep 15, 2023
andrewmcguinness
nvdApiKey is logged in debug mode Low
GHSA-qqhq-8r2c-c3f5 was published for org.owasp:dependency-check-ant (Maven) Dec 15, 2023
hott-box
CSRF vulnerability in Jenkins Frugal Testing Plugin Low
CVE-2023-41946 was published for io.jenkins.plugins:frugal-testing (Maven) Sep 6, 2023
Potential leak of credentials in Micro Focus Dimensions CM Jenkins Plugin Low
CVE-2023-32263 was published for org.jenkins-ci.plugins:dimensionsscm (Maven) Jul 19, 2023
CSRF vulnerability in Synopsys Jenkins Coverity Plugin Low
CVE-2023-23847 was published for org.jenkins-ci.plugins:synopsys-coverity (Maven) Feb 15, 2023
Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin Low
CVE-2024-23903 was published for io.jenkins.plugins:gitlab-branch-source (Maven) Jan 24, 2024
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender Low
CVE-2020-9488 was published for org.apache.logging.log4j:log4j (Maven) Jun 5, 2020
DmitriyLewen
Apache Tomcat information disclosure vulnerability Low
CVE-2008-4308 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
Spring Cloud Contract vulnerable to local information disclosure Low
CVE-2024-22236 was published for org.springframework.cloud:spring-cloud-contract-shade (Maven) Jan 31, 2024
Apache Solr Schema Designer blindly "trusts" all configsets Low
CVE-2023-50292 was published for org.apache.solr:solr-core (Maven) Feb 9, 2024
ProTip! Advisories are also available from the GraphQL API