GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
18,873 advisories
Filter by severity
Jenkins Cross-Site Request Forgery vulnerabilities
Moderate
CVE-2013-2034
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
OpenStack Neutron Race condition vulnerability
Low
CVE-2015-5240
was published
for
neutron
(pip)
May 17, 2022
Jenkins Cross-site Scripting vulnerability
Moderate
CVE-2015-1812
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2014-3680
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs
Moderate
CVE-2014-3663
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2014-3662
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins improperly ensures trust separation
Moderate
CVE-2014-3665
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Improper Neutralization of Input During Web Page Generation in Jenkins
Moderate
CVE-2015-7536
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins Denial of Service vulnerability
Moderate
CVE-2014-3661
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins allows attackers to obtain sensitive information
Low
CVE-2014-2068
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins session fixation vulnerability
Moderate
CVE-2014-2066
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins cross-site scripting (XSS) vulnerability
Moderate
CVE-2014-2065
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins allows attackers to determine whether a user exists
Moderate
CVE-2014-2064
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins does not invalidate the API token when a user is deleted
Moderate
CVE-2014-2062
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkin allows attackers to obtain passwords by reading the HTML source code
Moderate
CVE-2014-2061
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins allows attackers to configure restricted projects
Moderate
CVE-2013-7330
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins allows attackers to execute arbitrary jobs
Moderate
CVE-2014-2058
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Symfony Cryptographic Vulnerability
High
CVE-2016-1902
was published
for
symfony/security
(Composer)
May 17, 2022
Symphony Denial of Service Via Overlong Usernames
High
CVE-2016-4423
was published
for
symfony/security
(Composer)
May 17, 2022
Drupal arbitrary code execution
High
CVE-2016-3171
was published
for
drupal/core
(Composer)
May 17, 2022
Missing Cryptographic Step in OWASP Enterprise Security API for Java
Low
CVE-2013-5679
was published
for
org.owasp.esapi:esapi
(Maven)
May 17, 2022
Drupal File upload access bypass and denial of service
High
CVE-2016-3162
was published
for
drupal/core
(Composer)
May 17, 2022
TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers
High
CVE-2015-5271
was published
for
tripleo-heat-templates
(pip)
May 17, 2022
Cross-site Scripting in Apache Jetspeed
Moderate
CVE-2016-0712
was published
for
org.apache.portals.jetspeed-2:jetspeed
(Maven)
May 17, 2022
Path Traversal in Apache Jetspeed
High
CVE-2016-0709
was published
for
org.apache.portals.jetspeed-2:jetspeed
(Maven)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API