GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6,169 advisories

Code injection in quarkus dev ui config editor Critical
CVE-2022-4116 was published for io.quarkus:quarkus-vertx-http-deployment (Maven) Nov 22, 2022
Credited to jmini
Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider High
CVE-2018-1051 was published for org.jboss.resteasy:resteasy-yaml-provider (Maven) May 13, 2022
Exposure of Sensitive Information in Jenkins Core Moderate
CVE-2016-3723 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Improper Authentication In Apache NiFi High
CVE-2017-5635 was published for org.apache.nifi:nifi (Maven) May 13, 2022
Improper Certificate Validation in Jenkins Spira Importer Plugin High
CVE-2019-16558 was published for com.inflectra.spiratest.plugins:inflectra-spira-integration (Maven) May 24, 2022
Cross site scripting in Jenkins Mission Control Plugin Moderate
CVE-2019-16563 was published for tech.andrey.jenkins:mission-control-view (Maven) May 24, 2022
Improper Authorization in Jenkins Core High
CVE-2019-1003004 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Cross-site Scripting in Apache NiFi Moderate
CVE-2016-8748 was published for org.apache.nifi:nifi (Maven) May 14, 2022
XML External Entity Reference in Apache NiFi Moderate
CVE-2017-12623 was published for org.apache.nifi:nifi (Maven) May 17, 2022
Denial of service in Apache Mesos High
CVE-2017-7687 was published for org.apache.mesos:mesos (Maven) May 13, 2022
Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin Moderate
CVE-2022-34112 was published for io.dataease:dataease-plugin-common (Maven) Jul 23, 2022
Injection in Apache NiFi Critical
CVE-2017-5636 was published for org.apache.nifi:nifi (Maven) May 17, 2022
Jenkins Subversion Release Manager Plugin vulnerable to cross-site scripting (XSS) Moderate
CVE-2020-2152 was published for org.jvnet.hudson.plugins:svn-release-mgr (Maven) May 24, 2022
Credited to NotMyFault
Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration Low
CVE-2020-2150 was published for org.jenkins-ci.plugins:sonar-quality-gates (Maven) May 24, 2022
Credited to NotMyFault
Incorrect Authorization in Jenkins Core Moderate
CVE-2016-3722 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
XML External Entity Reference in org.picketlink:picketlink-common High
CVE-2014-3530 was published for org.picketlink:picketlink-common (Maven) May 14, 2022
Cross-site Scripting in Jenkins Core Moderate
CVE-2017-17383 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Cross-site Scripting In Apache Brooklyn Moderate
CVE-2017-3165 was published for org.apache.brooklyn:brooklyn (Maven) May 17, 2022
Origin Validation Error in Apache NiFi High
CVE-2017-7667 was published for org.apache.nifi:nifi (Maven) May 17, 2022
Improper Access Control in JBoss mod_cluster Moderate
CVE-2012-1154 was published for org.jboss.mod_cluster:mod_cluster (Maven) May 17, 2022
Use of Insufficiently Random Values in Apereo CAS High
CVE-2019-10754 was published for org.apereo.cas:cas-server-core-services-api (Maven) May 24, 2022
Plaintext Storage in Jenkins Spira Importer Plugin Low
CVE-2019-16543 was published for com.inflectra.spiratest.plugins:inflectra-spira-integration (Maven) May 24, 2022
Insufficient Data Verification in io.really:jwt-scala Moderate
CVE-2017-10862 was published for io.really:jwt-scala (Maven) May 17, 2022
Use of a weak cryptographic algorithm in Gradle Low
CVE-2019-16370 was published for org.gradle:gradle-core (Maven) May 24, 2022
Crash when decoding malformed HTTP requests or malformed JSON payload High
CVE-2018-1330 was published for org.apache.mesos:mesos (Maven) May 14, 2022