GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,595 advisories
Jenkins allows Administrators to Access API Tokens
Moderate | CVE-2015-5323 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 13, 2022
Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor
Moderate | CVE-2015-5320 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 13, 2022
Jenkins Exposes Sensitive Information via API URL
Moderate | CVE-2016-3727 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 14, 2022
Jenkins allows HTTP Injection and Response Splitting
Moderate | CVE-2012-6072 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 14, 2022
Jenkins Extra Columns Plugin allows Cross-Site Scripting (XSS)
Moderate | CVE-2016-3101 was published for org.jenkins-ci.plugins:extra-columns (Maven) | May 13, 2022
Jenkins Image Gallery Plugin allows Path Traversal
Moderate | CVE-2016-4987 was published for com.tupilabs.image_gallery:image-gallery (Maven) | May 13, 2022
Jenkins allows Remote Users to Inject Build Parameters
Moderate | CVE-2016-3721 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 14, 2022
Jenkins Exposes Sensitive Information from Job Configuration
Moderate | CVE-2016-3724 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 14, 2022
Jenkins has CRLF Injection Vulnerability in the CLI
Moderate | CVE-2016-0789 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 14, 2022
Jenkins Monitoring Plugin Reveals Sensitive Information via Unspecified Pages
Moderate | CVE-2014-3679 was published for org.jvnet.hudson.plugins:monitoring (Maven) | May 17, 2022
Jenkins Exclusion Plugin allows Access to Resource Locks
Moderate | CVE-2013-6373 was published for org.jenkins-ci.plugins:exclusion (Maven) | May 17, 2022
Jenkins Monitoring Plugin allows Cross-Site Scripting (XSS)
Moderate | CVE-2014-3678 was published for org.jvnet.hudson.plugins:monitoring (Maven) | May 17, 2022
Jenkins allows for Privilege Escalation by Remote Authenticated Users
Moderate | CVE-2015-1814 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 17, 2022
Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation
Moderate | CVE-2015-1810 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 17, 2022
Jenkins allows for Privilege Escalation by Remote Authenticated Users
Moderate | CVE-2015-1806 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 17, 2022
Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code
Moderate | CVE-2014-3667 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 17, 2022
Jenkins allows for Code Execution via Crafted Packet to the CLI
Moderate | CVE-2014-3666 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 17, 2022
Jenkins Vulnerable to Clickjacking
Moderate | CVE-2014-2063 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 17, 2022
Jenkins allows Remote Attackers to Hijack Sessions
Moderate | CVE-2014-2060 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 17, 2022
Jenkins Subversion Plugin Stores Credentials with Base64 Encoding
Moderate | CVE-2013-6372 was published for org.jenkins-ci.plugins:subversion (Maven) | May 17, 2022
Jenkins SonarQube Plugin Stores Passwords in Cleartext
Moderate | CVE-2013-5676 was published for org.jenkins-ci.plugins:sonar (Maven) | May 17, 2022
Jenkins Zoom Plugin Stores Sensitive Information in Cleartext
Moderate | CVE-2025-0142 was published for io.jenkins.plugins:zoom (Maven) | Jan 30, 2025
Spring MVC controller vulnerable to a DoS attack
Moderate | CVE-2024-38828 was published for org.springframework:spring-webmvc (Maven) | Nov 18, 2024
Keycloak vulnerable to session hijacking via re-authentication
Moderate | CVE-2023-6787 was published for org.keycloak:keycloak-services (Maven) | Apr 17, 2024
LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection
Moderate | CVE-2025-27136 was published for io.github.robothy:local-s3-rest (Maven) | Mar 10, 2025