GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

261 advisories

Exposure of Sensitive Information in Jenkins Core Moderate
CVE-2016-3723 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Apache Geode gfsh authorization vulnerability High
CVE-2017-12622 was published for org.apache.geode:geode-core (Maven) May 14, 2022
Apache Geode OQL bind parameter vulnerability Moderate
CVE-2017-9796 was published for org.apache.geode:geode-core (Maven) May 14, 2022
Apache Sling JCR ContentLoader XmlReader Arbitrary File Load High
CVE-2012-3353 was published for org.apache.sling:org.apache.sling.jcr.contentloader (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor Jenkins Script Security Plugin Moderate
CVE-2017-1000505 was published for org.jenkins-ci.plugins:script-security (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt High
CVE-2014-9970 was published for org.jasypt:jasypt (Maven) May 14, 2022
Cloud Foundry UAA SessionID present in Audit Event Logs High
CVE-2018-1192 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 14, 2022
Apache Geode configuration request authorization vulnerability High
CVE-2017-15696 was published for org.apache.geode:geode-core (Maven) May 14, 2022
Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users Low
CVE-2018-1000150 was published for org.jenkins-ci.plugins:reverse-proxy-auth-plugin (Maven) May 14, 2022
Jenkins Perforce Plugin exposure of sensitive information vulnerability exists Moderate
CVE-2018-1000147 was published for org.jvnet.hudson.plugins:perforce (Maven) May 14, 2022
Jenkins GitHub Pull Request Builder Plugin Low
CVE-2018-1000143 was published for org.jenkins-ci.plugins:ghprb (Maven) May 14, 2022
Jenkins GitHub Pull Request Builder Plugin allows attacker with local file system access to obtain GitHub credentials Moderate
CVE-2018-1000142 was published for org.jenkins-ci.plugins:ghprb (Maven) May 14, 2022
Jenkins Copy To Slave Plugin allows access to arbitrary files on the Jenkins controller file system Moderate
CVE-2018-1000148 was published for org.jenkins-ci.plugins:copy-to-slave (Maven) May 14, 2022
Jenkins Email Extension Plugin showed plain text SMTP password in configuration form field Moderate
CVE-2018-1000176 was published for org.jenkins-ci.plugins:email-ext (Maven) May 14, 2022
Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability Moderate
CVE-2018-1000186 was published for org.jenkins-ci.plugin:ghprb (Maven) May 14, 2022
Exposure of Sensitive Information in Jenkins Kubernetes Plugin Moderate
CVE-2018-1000187 was published for org.csanchez.jenkins.plugins:kubernetes (Maven) May 14, 2022
Jenkins GitHub Plugin exposure of sensitive information vulnerability exists Moderate
CVE-2018-1000183 was published for com.coravy.hudson.plugins.github:github (Maven) May 14, 2022
Jenkins Gitlab Hook Plugin stores and displays GitLab API token in plain text Moderate
CVE-2018-1000196 was published for org.jenkins-ci.ruby-plugins:gitlab-hook (Maven) May 14, 2022
Exposure of sensitive information vulnerability in Jenkins Black Duck Hub Plugin Moderate
CVE-2018-1000190 was published for com.blackducksoftware.integration:blackduck-hub (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins SSH Credentials Plugin Moderate
CVE-2018-1000601 was published for org.jenkins-ci.plugins:credentials (Maven) May 14, 2022
Jenkins Configuration as Code Plugin vulnerable to Exposure of Sensitive Information Moderate
CVE-2018-1000609 was published for io.jenkins:configuration-as-code (Maven) May 14, 2022
Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key Low
CVE-2018-1999031 was published for org.jenkins-ci.plugins:meliora-testlab (Maven) May 14, 2022
Exposure of sensitive information vulnerability Moderate
CVE-2018-1999041 was published for com.tinfoilsecurity.plugins:tinfoil-scan (Maven) May 14, 2022
XWork in Apache Struts Reveals Sensitive Information Moderate
CVE-2011-2088 was published for org.apache.struts.xwork:xwork-core (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post High
CVE-2016-0956 was published for org.apache.sling:org.apache.sling.servlets.post (Maven) May 14, 2022