GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
260 advisories
Filter by severity
Spring Data REST can expose hidden entity attributes
Low
CVE-2022-31679
was published
for
org.springframework.data:spring-data-rest-core
(Maven)
Sep 22, 2022
Denial of Service via stack overflow
Low
CVE-2022-40154
was published
for
com.fasterxml.woodstox:woodstox-core
(Maven)
Sep 17, 2022
•
withdrawn
Denial of Service due to parser crash
Low
CVE-2022-40156
was published
for
com.fasterxml.woodstox:woodstox-core
(Maven)
Sep 17, 2022
•
withdrawn
Denial of Service via stack overflow
Low
CVE-2022-40155
was published
for
com.fasterxml.woodstox:woodstox-core
(Maven)
Sep 17, 2022
•
withdrawn
wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault
Low
CVE-2021-3644
was published
for
org.wildfly.core:wildfly-server
(Maven)
Aug 27, 2022
User passwords stored in plain text by Jenkins EasyQA Plugin
Low
CVE-2022-34202
was published
for
com.geteasyqa:easyqa
(Maven)
Jun 24, 2022
Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text
Low
CVE-2022-34213
was published
for
org.jenkins-ci.plugins:squashtm-publisher
(Maven)
Jun 24, 2022
Password stored in plain text by Jenkins AppSpider Plugin
Low
CVE-2020-2314
was published
for
com.rapid7:jenkinsci-appspider-plugin
(Maven)
May 24, 2022
Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin
Low
CVE-2020-2319
was published
for
org.jenkins-ci.plugins:labmanager
(Maven)
May 24, 2022
Credentials transmitted in plain text by Repository Connector Plugin
Low
CVE-2020-2149
was published
for
org.jenkins-ci.plugins:repository-connector
(Maven)
May 24, 2022
Credentials transmitted in plain text by OpenShift Deployer Plugin
Low
CVE-2020-2155
was published
for
org.jenkins-ci.plugins:openshift-deployer
(Maven)
May 24, 2022
Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration
Low
CVE-2020-2150
was published
for
org.jenkins-ci.plugins:sonar-quality-gates
(Maven)
May 24, 2022
Plaintext Storage in Jenkins Spira Importer Plugin
Low
CVE-2019-16543
was published
for
com.inflectra.spiratest.plugins:inflectra-spira-integration
(Maven)
May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin
Low
CVE-2019-10450
was published
for
com.elasticbox.jenkins-ci.plugins:elasticbox
(Maven)
May 24, 2022
Jenkins Quality Gates Plugin transmits credentials in plain text during configuration
Low
CVE-2020-2151
was published
for
org.jenkins-ci.plugins:quality-gates
(Maven)
May 24, 2022
Use of a weak cryptographic algorithm in Gradle
Low
CVE-2019-16370
was published
for
org.gradle:gradle-core
(Maven)
May 24, 2022
Exposure of Sensitive Information in Jenkins Datadog plugin
Low
CVE-2017-1000114
was published
for
org.datadog.jenkins.plugins:datadog
(Maven)
May 17, 2022
OIDC Logout redirect in keycloak
Low
CVE-2020-10734
was published
for
org.keycloak:keycloak-oidc-client-adapter-pom
(Maven)
Apr 28, 2022
Privilege Context Switching Error in Elasticsearch
Low
CVE-2020-7020
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 18, 2021
Jetty invalid URI parsing may produce invalid HttpURI.authority
Low
CVE-2022-2047
was published
for
org.eclipse.jetty:jetty-http
(Maven)
Jul 7, 2022
Potential sensitive data exposure in applications using Vaadin 15
Low
CVE-2020-36319
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
hutool-json vulnerable to memory exhaustion
Low
CVE-2022-45689
was published
for
cn.hutool:hutool-json
(Maven)
Dec 13, 2022
Nimbus JOSE+JWT vulnerable to padding oracle attack
Low
CVE-2017-12973
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
May 13, 2022
JBossWS vulnerable to uncontrolled recursion
Low
CVE-2011-1483
was published
for
org.jboss.ws:jbossws-common
(Maven)
May 13, 2022
Credentials transmitted in plain text by Skytap Cloud CI Plugin
Low
CVE-2020-2157
was published
for
org.jenkins-ci.plugins:skytap
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API