Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,678
Erlang
29
GitHub Actions
16
Go
1,707
Maven
4,940
npm
3,471
NuGet
603
pip
2,987
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

249 advisories

Incorrect Authorization in Jenkins Core Low
CVE-2023-27903 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel
Information disclosure through error stack traces related to agents Low
CVE-2023-27904 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel
RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions Low
CVE-2023-0481 was published for io.quarkus.resteasy.reactive:resteasy-reactive-common (Maven) Feb 24, 2023
joshbressers
CSRF vulnerability in Synopsys Jenkins Coverity Plugin Low
CVE-2023-23847 was published for org.jenkins-ci.plugins:synopsys-coverity (Maven) Feb 15, 2023
hutool-json vulnerable to memory exhaustion Low
CVE-2022-45689 was published for cn.hutool:hutool-json (Maven) Dec 13, 2022
Temporary File Information Disclosure vulnerability in MPXJ Low
CVE-2022-41954 was published for mpxj (Maven) Nov 28, 2022
JLLeitschuh jkmartindale
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin Low
CVE-2022-43412 was published for org.jenkins-ci.plugins:generic-webhook-trigger (Maven) Oct 19, 2022
NotMyFault
Non-constant time webhook token comparison in Jenkins GitLab Plugin Low
CVE-2022-43411 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Oct 19, 2022
NotMyFault
AWS secrets displayed without masking by Jenkins S3 Explorer Plugin Low
CVE-2022-43426 was published for io.jenkins.plugins:s3explorer (Maven) Oct 19, 2022
NotMyFault
Apache Tomcat Race Condition vulnerability Low
CVE-2021-43980 was published for org.apache.tomcat:tomcat (Maven) Sep 29, 2022
sunSUNQ
Jenkins BigPanda Notifier Plugin stores BigPanda API key unencrypted Low
CVE-2022-41247 was published for org.jenkins-ci.plugins:bigpanda-jenkins (Maven) Sep 22, 2022
NotMyFault
API token stored in plain text by Jenkins CONS3RT Plugin Low
CVE-2022-41255 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
Jenkins BigPanda Notifier Plugin Missing Password Field Masking Low
CVE-2022-41248 was published for org.jenkins-ci.plugins:bigpanda-jenkins (Maven) Sep 22, 2022
NotMyFault
Spring Data REST can expose hidden entity attributes Low
CVE-2022-31679 was published for org.springframework.data:spring-data-rest-core (Maven) Sep 22, 2022
Denial of Service due to parser crash Low
CVE-2022-40156 was published for com.fasterxml.woodstox:woodstox-core (Maven) Sep 17, 2022 withdrawn
Denial of Service via stack overflow Low
CVE-2022-40155 was published for com.fasterxml.woodstox:woodstox-core (Maven) Sep 17, 2022 withdrawn
Denial of Service via stack overflow Low
CVE-2022-40154 was published for com.fasterxml.woodstox:woodstox-core (Maven) Sep 17, 2022 withdrawn
Duplicate Advisory: Denial of Service due to parser crash Low
GHSA-3mq5-fq9h-gj7j was published for com.thoughtworks.xstream:xstream (Maven) Sep 17, 2022 withdrawn
wilx kurt-r2c
wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault Low
CVE-2021-3644 was published for org.wildfly.core:wildfly-server (Maven) Aug 27, 2022
RabbitMQ password stored in plain text by Jenkins CollabNet Plugins Plugin Low
CVE-2022-38665 was published for org.jenkins-ci.plugins:collabnet (Maven) Aug 24, 2022
NotMyFault
Jenkins GitHub plugin uses weak webhook signature function Low
CVE-2022-36885 was published for com.coravy.hudson.plugins.github:github (Maven) Jul 28, 2022
westonsteimel NotMyFault
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted Low
CVE-2022-36901 was published for org.jenkins-ci.plugins:http_request (Maven) Jul 28, 2022
NotMyFault
Jetty invalid URI parsing may produce invalid HttpURI.authority Low
CVE-2022-2047 was published for org.eclipse.jetty:jetty-http (Maven) Jul 7, 2022
rafax00
Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin Low
CVE-2022-34807 was published for org.jenkins-ci.plugins:elasticsearch-query (Maven) Jul 1, 2022
NotMyFault
Passwords stored in plain text by Jenkins hpe-network-virtualization plugin Low
CVE-2022-34816 was published for org.jenkins-ci.plugins:hpe-network-virtualization (Maven) Jul 1, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API