GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+
1,629 advisories
Filter by severity
Jenkins affected by Open Redirect Vulnerability
Low
CVE-2012-6073
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Jenkins allows Cross-Site Scripting (XSS)
Low
CVE-2012-6074
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
phpMyAdmin cross-site scripting vulnerability in crafted view name
Low
CVE-2014-5274
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
Ansible uses a socket with predictable filename in /tmp
Low
CVE-2013-4259
was published
for
Ansible
(pip)
May 14, 2022
OpenStack Nova live snapshots use an insecure local directory
Low
CVE-2013-7048
was published
for
nova
(pip)
May 14, 2022
OpenStack Oslo utility sensitive information exposure via log files
Low
CVE-2014-7231
was published
for
oslo.utils
(pip)
May 14, 2022
Caddy allows enumeration of Certificates and Hostnames
Low
CVE-2018-19148
was published
for
github.com/caddyserver/caddy
(Go)
May 14, 2022
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
Low
CVE-2010-3718
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Input Validation in Jenkins
Low
CVE-2017-1000401
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata
Low
CVE-2015-1426
was published
for
facter
(RubyGems)
May 14, 2022
Puppet Denial of Service and Arbitrary File Write
Low
CVE-2012-1987
was published
for
puppet
(RubyGems)
May 14, 2022
Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log
Low
CVE-2018-1999036
was published
for
org.jenkins-ci.plugins:ssh-agent
(Maven)
May 13, 2022
Cloudtoken Insufficiently Protects Credentials
Low
CVE-2018-13390
was published
for
cloudtoken
(pip)
May 13, 2022
Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password
Low
CVE-2018-1000608
was published
for
org.jenkins-ci.plugins:zos-connector
(Maven)
May 13, 2022
Jenkins Coverity Plugin has Insufficiently Protected Credentials
Low
CVE-2018-1000104
was published
for
org.jenkins-ci.plugins:coverity
(Maven)
May 13, 2022
MySQL Connectors Privilege Escalation
Low
CVE-2017-3590
was published
for
mysql-connector-python
(pip)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java
Low
CVE-2017-3589
was published
for
mysql:mysql-connector-java
(Maven)
May 13, 2022
Nimbus JOSE+JWT vulnerable to padding oracle attack
Low
CVE-2017-12973
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
May 13, 2022
JBossWS vulnerable to uncontrolled recursion
Low
CVE-2011-1483
was published
for
org.jboss.ws:jbossws-common
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Low
CVE-2017-2603
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins-mailer-plugin
Low
CVE-2017-2651
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
May 13, 2022
Piwik (now Matomo) Vulnerable to Cross-Site Scripting (XSS)
Low
CVE-2013-1844
was published
for
matomo/matomo
(Composer)
May 13, 2022
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
Low
CVE-2015-5318
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Jenkins allows Cross-Site Scripting (XSS)
Low
CVE-2015-5326
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
PHPUnit extension for TYPO3 vulnerable to Cross-site Scripting
Low
CVE-2013-4744
was published
for
oliverklee/phpunit
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API