GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,444
Erlang
29
GitHub Actions
16
Go
1,668
Maven
4,928
npm
3,458
NuGet
595
pip
2,876
Pub
10
RubyGems
823
Rust
766
Swift
34
Unreviewed advisories
All unreviewed
5,000+
18,431 advisories
Filter by severity
Plone Unauthorized Access Vulnerability
Moderate
CVE-2017-1000483
was published
for
plone
(pip)
May 13, 2022
Electron vulnerable to URL spoofing via PDFium
Moderate
CVE-2017-1000424
was published
for
Electron
(npm)
May 13, 2022
fs-git command injection vulnerability
High
CVE-2017-1000451
was published
for
fs-git
(npm)
May 13, 2022
Jenkins Build-Publisher plugin has Insufficiently Protected Credentials
High
CVE-2017-1000387
was published
for
org.jenkins-ci.plugins:build-publisher
(Maven)
May 13, 2022
Arbitrary code execution vulnerability in Jenkins Speaks! Plugin
High
CVE-2017-1000403
was published
for
org.jvnet.hudson.plugins:speaks
(Maven)
May 13, 2022
OpenDaylight NULL Pointer Dereference
Moderate
CVE-2017-1000360
was published
for
org.opendaylight.controller:releasepom
(Maven)
May 13, 2022
OpenDaylight Controller DoS
High
CVE-2017-1000361
was published
for
org.opendaylight.controller:releasepom
(Maven)
May 13, 2022
alchemist.vim vulnerable to remote code execution
Critical
CVE-2017-1000212
was published
for
alchemist.vim
(Erlang)
May 13, 2022
Jenkins SSH Plugin user passwords for encrypted SSH keys stored in plaintext
Critical
CVE-2017-1000245
was published
for
org.jenkins-ci.plugins:ssh
(Maven)
May 13, 2022
PIDUsage Enables OS Command Injection
Critical
CVE-2017-1000220
was published
for
pidusage
(npm)
May 13, 2022
Opencast has Incorrect Permission Assignment
Moderate
CVE-2017-1000221
was published
for
org.opencastproject:opencast-kernel
(Maven)
May 13, 2022
Improper Authentication in Jenkins Blue Ocean Plugin
High
CVE-2017-1000106
was published
for
io.jenkins.blueocean:blueocean
(Maven)
May 13, 2022
Sandbox bypass in Jenkins Script Security Plugin sandbox bypass
High
CVE-2017-1000107
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 13, 2022
Improper Authentication in Jenkins Blue Ocean Plugin
Moderate
CVE-2017-1000110
was published
for
io.jenkins.blueocean:blueocean
(Maven)
May 13, 2022
Parameterized Trigger Plugin fails to check Item/Build permission
Moderate
CVE-2017-1000084
was published
for
org.jenkins-ci.plugins:parameterized-trigger
(Maven)
May 13, 2022
Improper Privilege Management in Jenkins Config File Provider Plugin
Moderate
CVE-2017-1000104
was published
for
org.jenkins-ci.plugins:config-file-provider
(Maven)
May 13, 2022
Mercurial is vulnerable to shell injection attack
Critical
CVE-2017-1000116
was published
for
mercurial
(pip)
May 13, 2022
Arbitrary code execution due to incomplete sandbox protection in Jenkins Pipeline
High
CVE-2017-1000096
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
May 13, 2022
Sensitive Cookie Without HttpOnly and Secure Flag
High
CVE-2017-1000046
was published
for
mautic/core
(Composer)
May 13, 2022
Jenkins Build Step Plugin fails to check Item/Build permission
Moderate
CVE-2017-1000089
was published
for
org.jenkins-ci.plugins:pipeline-build-step
(Maven)
May 13, 2022
Unsafe methods in the default list of approved signatures in Jenkins Script Security Plugin
Moderate
CVE-2017-1000095
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 13, 2022
Tryton Information Disclosure Vulnerability
Moderate
CVE-2017-0360
was published
for
trytond
(pip)
May 13, 2022
Anchor CMS Logs Credentials
Critical
CVE-2018-7251
was published
for
anchorcms/anchor-cms
(Composer)
May 13, 2022
Yab Quarx persistent cross-site scripting vulnerability
Moderate
CVE-2018-7274
was published
for
yab/quarx
(Composer)
May 13, 2022
JBossWS vulnerable to uncontrolled recursion
Low
CVE-2011-1483
was published
for
org.jboss.ws:jbossws-common
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API