GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
77 advisories
MS Basic Cross-site Scripting vulnerability
Moderate | CVE-2024-33748 was published for net.mingsoft:ms-basic (Maven) | May 7, 2024
In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps detector
Moderate | Unreviewed | CVE-2024-31139 was published | Mar 28, 2024
Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project
Low | CVE-2024-20925 was published for org.openjfx:javafx-media (Maven) | Feb 17, 2024
Insertion of Sensitive Information into Log File in OWASP DependencyCheck
Moderate | CVE-2024-23686 was published for org.owasp:dependency-check-ant (Maven) | Jan 20, 2024
XWiki vulnerable to Denial of Service attack through attachments
High | CVE-2024-21651 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) | Jan 8, 2024
Apache StreamPark: Authenticated system users could trigger remote command execution
Critical | CVE-2023-49898 was published for org.apache.streampark:streampark (Maven) | Dec 15, 2023
Arbitrary File Overwrite in Eclipse JGit
High | CVE-2023-4759 was published for org.eclipse.jgit:org.eclipse.jgit (Maven) | Sep 18, 2023
Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin
Moderate | CVE-2023-41934 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) | Sep 6, 2023
Apache Ivy External Entity Reference vulnerability
High | CVE-2022-46751 was published for org.apache.ivy:ivy (Maven) | Aug 21, 2023
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin vulnerable to exposure of system-scoped credentials
Moderate | CVE-2023-40347 was published for org.jenkins-ci.plugins:maven-artifact-choicelistprovider (Maven) | Aug 16, 2023
In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be...
High | Unreviewed | CVE-2022-48431 was published | Jul 6, 2023
Stored XSS vulnerability in Jenkins Maven Repository Server Plugin
Moderate | CVE-2023-35143 was published for jenkins:repository (Maven) | Jun 14, 2023
Stored XSS vulnerability in Jenkins Maven Repository Server Plugin
Moderate | CVE-2023-35144 was published for jenkins:repository (Maven) | Jun 14, 2023
XWiki Platform vulnerable to data leak via Improper Restriction of XML External Entity Reference
High | CVE-2023-27480 was published for org.xwiki.platform:xwiki-platform-xar-model (Maven) | Mar 8, 2023
Stored XSS vulnerability in Jenkins Maven Metadata Plugin for Jenkins CI server plugin
High | CVE-2022-36905 was published for eu.markov.jenkins.plugin.mvnmeta:maven-metadata-plugin (Maven) | Jul 28, 2022
skylot jadx affected by Incorrect Behavior Order in vulnerable dependency
Moderate | GHSA-fjh6-p566-wr6q was published for io.github.skylot:jadx-core (Maven) | Jul 21, 2022
Cross-site Scripting in Jenkins Maven Metadata Plugin
High | CVE-2022-34190 was published for eu.markov.jenkins.plugin.mvnmeta:maven-metadata-plugin (Maven) | Jun 24, 2022
Cross-site Scripting in Jenkins Repository Connector Plugin
High | CVE-2022-34195 was published for org.jenkins-ci.plugins:repository-connector (Maven) | Jun 24, 2022
XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin
High | CVE-2019-10327 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) | May 24, 2022
Cross-site request forgery vulnerability in Jenkins Artifactory Plugin
Moderate | CVE-2019-10324 was published for org.jenkins-ci.plugins:artifactory (Maven) | May 24, 2022
XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin
High | CVE-2021-21642 was published for org.jenkins-ci.plugins:config-file-provider (Maven) | May 24, 2022
Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability
High | Unreviewed | CVE-2021-28472 was published | May 24, 2022
A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent...
Moderate | Unreviewed | CVE-2021-26719 was published | May 24, 2022
fabric8-maven-plugin: insecure way to construct Yaml Object leading to remote code execution
High | CVE-2020-10721 was published for io.fabric8:fabric8-maven-plugin (Maven) | May 24, 2022
CSRF vulnerability in Jenkins Maven Cascade Release Plugin
Moderate | CVE-2020-2295 was published for com.barchart.jenkins:maven-release-cascade (Maven) | May 24, 2022
ProTip! Advisories are also available from the GraphQL API.