GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,996
Maven
5,000+
npm
3,709
NuGet
661
pip
3,348
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,659 advisories
Filter by severity
Jenkins Data Theorem Mobile Security: CI/CD Plugin has Insufficiently Protected Credentials
Moderate
CVE-2019-10413
was published
for
com.datatheorem.mobileappsecurity.jenkins.plugin:datatheorem-mobile-app-security
(Maven)
May 24, 2022
Missing permission check in Jenkins Project Inheritance Plugin
Moderate
CVE-2019-10409
was published
for
hudson.plugins:project-inheritance
(Maven)
May 24, 2022
Jenkins Log Parser Plugin vulnerable to Cross-site Scripting
Moderate
CVE-2019-10410
was published
for
org.jenkins-ci.plugins:log-parser
(Maven)
May 24, 2022
Jenkins Inedo ProGet Plugin Plugin has Cleartext Transmission of Sensitive Information
Low
CVE-2019-10412
was published
for
com.inedo.proget:inedo-proget
(Maven)
May 24, 2022
Yii Framework Code Injection
High
CVE-2018-8074
was published
for
yiisoft/yii2-dev
(Composer)
May 24, 2022
Devise Token Auth vulnerable to Cross-site Scripting
Moderate
CVE-2019-16751
was published
for
devise_token_auth
(RubyGems)
May 24, 2022
Joomla! XSS in Default Templates
Moderate
CVE-2019-16725
was published
for
joomla/joomla-cms
(Composer)
May 24, 2022
Use of Insufficiently Random Values in Apereo CAS
High
CVE-2019-10754
was published
for
org.apereo.cas:cas-server-core-services-api
(Maven)
May 24, 2022
Cross-site Scripting in Apache JSPWiki
Moderate
CVE-2019-12407
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
May 24, 2022
Home Assistant information disclosure vulnerability
High
CVE-2018-21019
was published
for
homeassistant
(pip)
May 24, 2022
Pagekit User enumeration
Moderate
CVE-2019-16669
was published
for
pagekit/pagekit
(Composer)
May 24, 2022
Drupal Cross Site Scripting (XSS) vulnerability
Moderate
CVE-2019-6341
was published
for
drupal/core
(Composer)
May 24, 2022
Use of a weak cryptographic algorithm in Gradle
Low
CVE-2019-16370
was published
for
org.gradle:gradle-core
(Maven)
May 24, 2022
Pimcore RCE via PHAR upload
High
CVE-2019-16317
was published
for
pimcore/pimcore
(Composer)
May 24, 2022
Pimcore Unrestricted Upload of File with Dangerous Type
High
CVE-2019-16318
was published
for
pimcore/pimcore
(Composer)
May 24, 2022
Jenkins Aqua Security Serverless Scanner Plugin showed plain text password in job configuration form fields
Low
CVE-2019-10397
was published
for
org.jenkins-ci.plugins:aqua-serverless
(Maven)
May 24, 2022
Jenkins Build Environment Plugin vulnerable to Cross-site Scripting
Moderate
CVE-2019-10395
was published
for
org.jenkins-ci.plugins:build-environment
(Maven)
May 24, 2022
Jenkins Dashboard View Plugin vulnerable to Cross-site Scripting
Moderate
CVE-2019-10396
was published
for
org.jenkins-ci.plugins:dashboard-view
(Maven)
May 24, 2022
Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials
Low
CVE-2019-10398
was published
for
org.jenkins-ci.plugins:beaker-builder
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Jenkins Script Security Plugin
Moderate
CVE-2019-10394
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Jenkins Script Security Plugin
Moderate
CVE-2019-10399
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Jenkins Script Security Plugin
Moderate
CVE-2019-10400
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin
High
CVE-2019-10392
was published
for
org.jenkins-ci.plugins:git-client
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
Moderate
CVE-2019-10393
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API