Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,996
Maven
5,000+
npm
3,709
NuGet
661
pip
3,348
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

20,659 advisories

Loading
sr_freecap for Typo3 RCE Vulnerability Critical
CVE-2019-16699 was published for sjbr/sr-freecap (Composer) May 24, 2022
Dolibarr ERP and CRM HTML Injection Moderate
CVE-2019-17223 was published for dolibarr/dolibarr (Composer) May 24, 2022
url_redirect for Typo3 SQLi Vulnerability High
CVE-2019-16682 was published for sfroemken/url_redirect (Composer) May 24, 2022
direct_mail for Typo3 sensitive data exposure Moderate
CVE-2019-16698 was published for directmailteam/direct-mail (Composer) May 24, 2022
Mulesoft Mule Unsafe Deserialization Critical
CVE-2019-13116 was published for org.mule.runtime:mule (Maven) May 24, 2022
Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin Critical
CVE-2019-10458 was published for org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline (Maven) May 24, 2022
westonsteimel
Jenkins Delphix Plugin vulnerable to Cleartext credential storage High
CVE-2019-10453 was published for org.jenkins-ci.plugins:delphix (Maven) May 24, 2022
Jenkins Rundeck Plugin CSRF vulnerability Moderate
CVE-2019-10454 was published for org.jenkins-ci.plugins:rundeck (Maven) May 24, 2022
Jenkins Oracle Cloud Infrastructure Compute Classic Plugin cross-site request forgery vulnerability Moderate
CVE-2019-10456 was published for org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute-classic (Maven) May 24, 2022
Jenkins SOASTA CloudTest Plugin stores API token in plain text Moderate
CVE-2019-10451 was published for com.soasta.jenkins:cloudtest (Maven) May 24, 2022
Jenkins View26 Test-Reporting Plugin stores access token in plain text Moderate
CVE-2019-10452 was published for org.jenkins-ci.plugins:view26 (Maven) May 24, 2022
Missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin Moderate
CVE-2019-10457 was published for org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute-classic (Maven) May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin Low
CVE-2019-10450 was published for com.elasticbox.jenkins-ci.plugins:elasticbox (Maven) May 24, 2022
Jenkins Fortify on Demand Plugin stores credentials in plain text Moderate
CVE-2019-10449 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) May 24, 2022
Missing permission check in Jenkins Rundeck Plugin Moderate
CVE-2019-10455 was published for org.jenkins-ci.plugins:rundeck (Maven) May 24, 2022
Jenkins iceScrum Plugin vulnerable to Cross-site Request Forgery Moderate
CVE-2019-10441 was published for org.jenkins-ci.plugins:icescrum (Maven) May 24, 2022
Jenkins Cadence vManager Plugin disables SSL/TLS and hostname verification High
CVE-2019-10446 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin High
CVE-2019-10448 was published for jenkins.xtc:extensivetesting (Maven) May 24, 2022
Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation Moderate
CVE-2019-10444 was published for org.jenkins-ci.plugins:bumblebee (Maven) May 24, 2022
Jenkins iceScrum Plugin stores credentials in Cleartext High
CVE-2019-10443 was published for org.jenkins-ci.plugins:icescrum (Maven) May 24, 2022
Jenkins NeoLoad Plugin stores credentials in cleartext High
CVE-2019-10440 was published for org.jenkins-ci.plugins:neoload-jenkins-plugin (Maven) May 24, 2022
Improper Limitation of a Pathname to a Restricted Directory in Jenkins Google OAuth Credentials Plugin Moderate
CVE-2019-10436 was published for org.jenkins-ci.plugins:google-oauth-plugin (Maven) May 24, 2022
Jenkins iceScrum Plugin vulnerable to Missing Authorization Moderate
CVE-2019-10442 was published for org.jenkins-ci.plugins:icescrum (Maven) May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization Moderate
CVE-2019-10439 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven) May 24, 2022
Jenkins Sofy.AI Plugin stores API token in plain text Moderate
CVE-2019-10447 was published for io.jenkins.plugins:sofy-ai (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database