Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+

16 advisories

Loading
Information leak in Gerrit Low
CVE-2020-8920 was published for com.google.gerrit:gerrit-plugin-api (Maven) May 24, 2022
q5438722
Jenkins build-metrics Plugin reflected cross-site scripting vulnerability Moderate
CVE-2019-10475 was published for org.jenkins-ci.plugins:build-metrics (Maven) May 24, 2022
q5438722
User confusion in IronJacamar Moderate
CVE-2012-3428 was published for org.jboss.ironjacamar:ironjacamar-jdbc (Maven) May 17, 2022
q5438722
Apache Rave information disclosure vulnerability Moderate
CVE-2013-1814 was published for org.apache.rave:rave-core (Maven) May 17, 2022
q5438722
Code injection via property expansion in SoapUI High
CVE-2014-1202 was published for com.smartbear.soapui:soapui (Maven) May 17, 2022
q5438722
Shell command injection in Liferay Portal High
CVE-2010-5327 was published for com.liferay.portal:portal-impl (Maven) May 17, 2022
q5438722
Cross-site scripting in yui 2.4.0 Moderate
CVE-2012-5881 was published for yui2 (npm) May 17, 2022
q5438722
Denial of service in Apache Tomcat Moderate
CVE-2014-0095 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 17, 2022
q5438722 sunSUNQ
MitM on Jenkins Maven Plugin Moderate
CVE-2017-1000397 was published for org.jenkins-ci.main:maven-plugin (Maven) May 14, 2022
q5438722
XML External Entity Reference in weixin-java-tools Critical
CVE-2019-5312 was published for com.github.binarywang:weixin-java-common (Maven) May 14, 2022
q5438722
Jenkins Black Duck Detect Plugin information exposure vulnerability Moderate
CVE-2018-1000191 was published for com.synopsys.integration:synopsys-detect (Maven) May 14, 2022
q5438722
Jenkins Credentials Binding Plugin has Insufficiently Protected Credentials Moderate
CVE-2018-1000057 was published for org.jenkins-ci.plugins:credentials-binding (Maven) May 13, 2022
q5438722
Cross-site Scripting in Pivotal Spring Batch Admin Moderate
CVE-2018-1229 was published for org.springframework.batch:spring-batch-admin-manager (Maven) May 13, 2022
q5438722
Elasticsearch subject to cross site scripting Moderate
CVE-2018-3824 was published for org.elasticsearch:elasticsearch (Maven) May 13, 2022
q5438722
Cross-Site Request Forgery in Apache CXF Fediz High
CVE-2017-7662 was published for org.apache.cxf.fediz:fediz-oidc (Maven) May 13, 2022
q5438722
Issuer validation regression in Spring Cloud SSO Connector High
CVE-2018-1256 was published for io.pivotal.spring.cloud:spring-cloud-sso-connector (Maven) May 13, 2022
q5438722 MarkLee131
ProTip! Advisories are also available from the GraphQL API