Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

18,873 advisories

Jenkins Cross-Site Request Forgery vulnerabilities Moderate
CVE-2013-2034 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
OpenStack Neutron Race condition vulnerability Low
CVE-2015-5240 was published for neutron (pip) May 17, 2022
Jenkins Cross-site Scripting vulnerability Moderate
CVE-2015-1812 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2014-3680 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs Moderate
CVE-2014-3663 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2014-3662 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins improperly ensures trust separation Moderate
CVE-2014-3665 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Improper Neutralization of Input During Web Page Generation in Jenkins Moderate
CVE-2015-7536 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins Denial of Service vulnerability Moderate
CVE-2014-3661 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins allows attackers to obtain sensitive information Low
CVE-2014-2068 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins session fixation vulnerability Moderate
CVE-2014-2066 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins cross-site scripting (XSS) vulnerability Moderate
CVE-2014-2065 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins allows attackers to determine whether a user exists Moderate
CVE-2014-2064 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins does not invalidate the API token when a user is deleted Moderate
CVE-2014-2062 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkin allows attackers to obtain passwords by reading the HTML source code Moderate
CVE-2014-2061 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins allows attackers to configure restricted projects Moderate
CVE-2013-7330 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins allows attackers to execute arbitrary jobs Moderate
CVE-2014-2058 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Symfony Cryptographic Vulnerability High
CVE-2016-1902 was published for symfony/security (Composer) May 17, 2022
Symphony Denial of Service Via Overlong Usernames High
CVE-2016-4423 was published for symfony/security (Composer) May 17, 2022
Drupal arbitrary code execution High
CVE-2016-3171 was published for drupal/core (Composer) May 17, 2022
Missing Cryptographic Step in OWASP Enterprise Security API for Java Low
CVE-2013-5679 was published for org.owasp.esapi:esapi (Maven) May 17, 2022
MarkLee131
Drupal File upload access bypass and denial of service High
CVE-2016-3162 was published for drupal/core (Composer) May 17, 2022
TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers High
CVE-2015-5271 was published for tripleo-heat-templates (pip) May 17, 2022
Cross-site Scripting in Apache Jetspeed Moderate
CVE-2016-0712 was published for org.apache.portals.jetspeed-2:jetspeed (Maven) May 17, 2022
Path Traversal in Apache Jetspeed High
CVE-2016-0709 was published for org.apache.portals.jetspeed-2:jetspeed (Maven) May 17, 2022
ProTip! Advisories are also available from the GraphQL API