Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,444
Erlang
29
GitHub Actions
16
Go
1,668
Maven
4,928
npm
3,458
NuGet
595
pip
2,876
Pub
10
RubyGems
823
Rust
766
Swift
34
Unreviewed advisories
All unreviewed
5,000+

18,431 advisories

Plone Unauthorized Access Vulnerability Moderate
CVE-2017-1000483 was published for plone (pip) May 13, 2022
Electron vulnerable to URL spoofing via PDFium Moderate
CVE-2017-1000424 was published for Electron (npm) May 13, 2022
jhutchings1
fs-git command injection vulnerability High
CVE-2017-1000451 was published for fs-git (npm) May 13, 2022
Jenkins Build-Publisher plugin has Insufficiently Protected Credentials High
CVE-2017-1000387 was published for org.jenkins-ci.plugins:build-publisher (Maven) May 13, 2022
Arbitrary code execution vulnerability in Jenkins Speaks! Plugin High
CVE-2017-1000403 was published for org.jvnet.hudson.plugins:speaks (Maven) May 13, 2022
OpenDaylight NULL Pointer Dereference Moderate
CVE-2017-1000360 was published for org.opendaylight.controller:releasepom (Maven) May 13, 2022
OpenDaylight Controller DoS High
CVE-2017-1000361 was published for org.opendaylight.controller:releasepom (Maven) May 13, 2022
alchemist.vim vulnerable to remote code execution Critical
CVE-2017-1000212 was published for alchemist.vim (Erlang) May 13, 2022
Jenkins SSH Plugin user passwords for encrypted SSH keys stored in plaintext Critical
CVE-2017-1000245 was published for org.jenkins-ci.plugins:ssh (Maven) May 13, 2022
PIDUsage Enables OS Command Injection Critical
CVE-2017-1000220 was published for pidusage (npm) May 13, 2022
Opencast has Incorrect Permission Assignment Moderate
CVE-2017-1000221 was published for org.opencastproject:opencast-kernel (Maven) May 13, 2022
Improper Authentication in Jenkins Blue Ocean Plugin High
CVE-2017-1000106 was published for io.jenkins.blueocean:blueocean (Maven) May 13, 2022
Sandbox bypass in Jenkins Script Security Plugin sandbox bypass High
CVE-2017-1000107 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
Improper Authentication in Jenkins Blue Ocean Plugin Moderate
CVE-2017-1000110 was published for io.jenkins.blueocean:blueocean (Maven) May 13, 2022
Parameterized Trigger Plugin fails to check Item/Build permission Moderate
CVE-2017-1000084 was published for org.jenkins-ci.plugins:parameterized-trigger (Maven) May 13, 2022
Improper Privilege Management in Jenkins Config File Provider Plugin Moderate
CVE-2017-1000104 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 13, 2022
Mercurial is vulnerable to shell injection attack Critical
CVE-2017-1000116 was published for mercurial (pip) May 13, 2022
Arbitrary code execution due to incomplete sandbox protection in Jenkins Pipeline High
CVE-2017-1000096 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 13, 2022
Sensitive Cookie Without HttpOnly and Secure Flag High
CVE-2017-1000046 was published for mautic/core (Composer) May 13, 2022
Jenkins Build Step Plugin fails to check Item/Build permission Moderate
CVE-2017-1000089 was published for org.jenkins-ci.plugins:pipeline-build-step (Maven) May 13, 2022
Unsafe methods in the default list of approved signatures in Jenkins Script Security Plugin Moderate
CVE-2017-1000095 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
Tryton Information Disclosure Vulnerability Moderate
CVE-2017-0360 was published for trytond (pip) May 13, 2022
Anchor CMS Logs Credentials Critical
CVE-2018-7251 was published for anchorcms/anchor-cms (Composer) May 13, 2022
Yab Quarx persistent cross-site scripting vulnerability Moderate
CVE-2018-7274 was published for yab/quarx (Composer) May 13, 2022
JBossWS vulnerable to uncontrolled recursion Low
CVE-2011-1483 was published for org.jboss.ws:jbossws-common (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API