Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,676
Erlang
34
GitHub Actions
26
Go
2,263
Maven
5,000+
npm
3,915
NuGet
705
pip
3,686
Pub
12
RubyGems
916
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,615 advisories

Loading
Exposure of system-scoped Kubernetes credentials in Jenkins Kubernetes Credentials Provider Plugin Moderate
CVE-2023-24425 was published for com.cloudbees.jenkins.plugins:kubernetes-credentials-provider (Maven) Jan 26, 2023
Jenkins Missing Permission Check Moderate
CVE-2025-31721 was published for org.jenkins-ci.main:jenkins-core (Maven) Apr 2, 2025
Jenkins Simple Queue Plugin Cross-Site Request Forgery (CSRF) Moderate
CVE-2025-31723 was published for io.jenkins.plugins:simple-queue (Maven) Apr 2, 2025
Jenkins monitor-remote-job Plugin Stores Passwords Unencrypted Moderate
CVE-2025-31725 was published for org.ukiuni.monitor-remote-job-plugin:monitor-remote-job (Maven) Apr 2, 2025
Jenkins Cadence vManager Plugin Stores Verisium Manager vAPI keys Unencrypted Moderate
CVE-2025-31724 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) Apr 2, 2025
Jenkins Stack Hammer Plugin Stores API Keys Unencrypted in Job `config.xml` Files Moderate
CVE-2025-31726 was published for org.jenkins-ci.plugins:stackhammer (Maven) Apr 2, 2025
Jenkins AsakusaSatellite Plugin Stores API Keys Unencrypted in Job `config.xml` Files Moderate
CVE-2025-31727 was published for org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin (Maven) Apr 2, 2025
Jenkins AsakusaSatellite Plugin Does not Mask API Keys via Job Configuration Form Moderate
CVE-2025-31728 was published for org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin (Maven) Apr 2, 2025
Apache Tomcat Reveals Path through Long URL Moderate
CVE-2001-0917 was published for org.apache.tomcat:tomcat (Maven) Apr 30, 2022
Tomcat uses trusted privileges when processing web.xml file Moderate
CVE-2003-0043 was published for org.apache.tomcat:tomcat (Maven) Apr 29, 2022
Apache Tomcat Leaks Information via Error Message Moderate
CVE-2002-2008 was published for org.apache.tomcat:tomcat (Maven) Apr 30, 2022
Apache Tomcat Leaks Pathname Information via Error Message Moderate
CVE-2002-2009 was published for org.apache.tomcat:tomcat (Maven) Apr 30, 2022
Apache Tomcat Reveals Directories Moderate
CVE-2006-3835 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Graylog's Authenticated HTTP inputs ingest message even if Authorization header is missing or has wrong value Moderate
CVE-2025-30373 was published for org.graylog2:graylog2-server (Maven) Apr 7, 2025
Elasticsearch stores private key on disk unencrypted Moderate
CVE-2024-23444 was published for org.elasticsearch:elasticsearch (Maven) Jul 31, 2024
Elasticsearch Potential Node Crash due to Large Recursion in `innerForbidCircularReferences` Function Moderate
CVE-2024-52980 was published for org.elasticsearch:elasticsearch (Maven) Apr 8, 2025
Elasticsearch Vulnerable to Stack Overflow due to a Large Recursion Moderate
CVE-2024-52981 was published for org.elasticsearch:elasticsearch (Maven) Apr 8, 2025
Apache Tomcat Vulnerable to Cross-Site Scripting Moderate
CVE-2007-1355 was published for org.apache.tomcat:jsp-api (Maven) May 1, 2022
Apache Tomcat Mishandles Character Sequence in Cookies Moderate
CVE-2007-3385 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Apache Tomcat Cross-site scripting (XSS) vulnerability Moderate
CVE-2008-1947 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 1, 2022
sunSUNQ
Apache Pulsar Kafka Connector Logs Sensitive Information in Application Logs Moderate
CVE-2025-30677 was published for org.apache.pulsar:pulsar-io-kafka (Maven) Apr 9, 2025
Apache ActiveMQ Artemis Vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2025-27391 was published for org.apache.activemq:artemis-project (Maven) Apr 9, 2025
Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions Moderate
CVE-2012-3544 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Apache Archiva does not require entry of the administrator's password at the time of modifying a user account Moderate
CVE-2010-4408 was published for org.apache.archiva:archiva (Maven) May 14, 2022
Apache Continuum and Archiva vulnerable to Cross-site Scripting Moderate
CVE-2011-0533 was published for org.apache.archiva:archiva (Maven) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database