GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
By ecosystem: Composer 3,872; Erlang 29; GitHub Actions 16; Go 1,722; Maven 4,951; npm 3,481; NuGet 605; pip 3,047; Pub 10; RubyGems 832; Rust 777; Swift 34
Unreviewed advisories
All unreviewed: 5,000+
261 advisories
Exposure of Sensitive Information in Jenkins Core (Moderate)
CVE-2016-3723 was published for org.jenkins-ci.main:jenkins-core (Maven), May 14, 2022

Apache Geode gfsh authorization vulnerability (High)
CVE-2017-12622 was published for org.apache.geode:geode-core (Maven), May 14, 2022

Apache Geode OQL bind parameter vulnerability (Moderate)
CVE-2017-9796 was published for org.apache.geode:geode-core (Maven), May 14, 2022

Apache Sling JCR ContentLoader XmlReader Arbitrary File Load (High)
CVE-2012-3353 was published for org.apache.sling:org.apache.sling.jcr.contentloader (Maven), May 14, 2022

Exposure of Sensitive Information to an Unauthorized Actor Jenkins Script Security Plugin (Moderate)
CVE-2017-1000505 was published for org.jenkins-ci.plugins:script-security (Maven), May 14, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt (High)
CVE-2014-9970 was published for org.jasypt:jasypt (Maven), May 14, 2022

Cloud Foundry UAA SessionID present in Audit Event Logs (High)
CVE-2018-1192 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven), May 14, 2022

Apache Geode configuration request authorization vulnerability (High)
CVE-2017-15696 was published for org.apache.geode:geode-core (Maven), May 14, 2022

Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users (Low)
CVE-2018-1000150 was published for org.jenkins-ci.plugins:reverse-proxy-auth-plugin (Maven), May 14, 2022

Jenkins Perforce Plugin exposure of sensitive information vulnerability exists (Moderate)
CVE-2018-1000147 was published for org.jvnet.hudson.plugins:perforce (Maven), May 14, 2022

Jenkins GitHub Pull Request Builder Plugin (Low)
CVE-2018-1000143 was published for org.jenkins-ci.plugins:ghprb (Maven), May 14, 2022

Jenkins GitHub Pull Request Builder Plugin allows attacker with local file system access to obtain GitHub credentials (Moderate)
CVE-2018-1000142 was published for org.jenkins-ci.plugins:ghprb (Maven), May 14, 2022

Jenkins Copy To Slave Plugin allows access to arbitrary files on the Jenkins controller file system (Moderate)
CVE-2018-1000148 was published for org.jenkins-ci.plugins:copy-to-slave (Maven), May 14, 2022

Jenkins Email Extension Plugin showed plain text SMTP password in configuration form field (Moderate)
CVE-2018-1000176 was published for org.jenkins-ci.plugins:email-ext (Maven), May 14, 2022

Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability (Moderate)
CVE-2018-1000186 was published for org.jenkins-ci.plugin:ghprb (Maven), May 14, 2022

Exposure of Sensitive Information in Jenkins Kubernetes Plugin (Moderate)
CVE-2018-1000187 was published for org.csanchez.jenkins.plugins:kubernetes (Maven), May 14, 2022

Jenkins GitHub Plugin exposure of sensitive information vulnerability exists (Moderate)
CVE-2018-1000183 was published for com.coravy.hudson.plugins.github:github (Maven), May 14, 2022

Jenkins Gitlab Hook Plugin stores and displays GitLab API token in plain text (Moderate)
CVE-2018-1000196 was published for org.jenkins-ci.ruby-plugins:gitlab-hook (Maven), May 14, 2022

Exposure of sensitive information vulnerability in Jenkins Black Duck Hub Plugin (Moderate)
CVE-2018-1000190 was published for com.blackducksoftware.integration:blackduck-hub (Maven), May 14, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Jenkins SSH Credentials Plugin (Moderate)
CVE-2018-1000601 was published for org.jenkins-ci.plugins:credentials (Maven), May 14, 2022

Jenkins Configuration as Code Plugin vulnerable to Exposure of Sensitive Information (Moderate)
CVE-2018-1000609 was published for io.jenkins:configuration-as-code (Maven), May 14, 2022

Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key (Low)
CVE-2018-1999031 was published for org.jenkins-ci.plugins:meliora-testlab (Maven), May 14, 2022

Exposure of sensitive information vulnerability (Moderate)
CVE-2018-1999041 was published for com.tinfoilsecurity.plugins:tinfoil-scan (Maven), May 14, 2022

XWork in Apache Struts Reveals Sensitive Information (Moderate)
CVE-2011-2088 was published for org.apache.struts.xwork:xwork-core (Maven), May 14, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post (High)
CVE-2016-0956 was published for org.apache.sling:org.apache.sling.servlets.post (Maven), May 14, 2022
ProTip! Advisories are also available from the GraphQL API.