Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,476
Erlang
33
GitHub Actions
24
Go
2,203
Maven
5,000+
npm
3,857
NuGet
696
pip
3,639
Pub
12
RubyGems
912
Rust
913
Swift
38
Unreviewed advisories
All unreviewed
5,000+

295 advisories

Loading
UnsafeAccessor 1.4.0 until 1.7.0 has no security checking for UnsafeAccess.getInstance() Moderate
CVE-2022-31139 was published for io.github.karlatemp:unsafe-accessor (Maven) Jul 12, 2022
Possible information disclosure inside TreeGrid component with default data provider Moderate
CVE-2022-29567 was published for com.vaadin:vaadin (Maven) May 25, 2022
SunBK201
Project Inheritance Plugin showed secret environment variables defined in Mask Passwords Plugin Moderate
CVE-2019-10407 was published for hudson.plugins:project-inheritance (Maven) May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Moderate
CVE-2019-10405 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
JBoss EJB Client information disclosure vulnerability Moderate
CVE-2021-20250 was published for org.jboss:jboss-ejb-client (Maven) May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch Moderate
CVE-2021-22137 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
joshbressers
Support bundles can include user session IDs in Jenkins Support Core Plugin Low
CVE-2021-21621 was published for org.jenkins-ci.plugins:support-core (Maven) May 24, 2022
NotMyFault
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin Moderate
CVE-2020-2307 was published for org.csanchez.jenkins.plugins:kubernetes (Maven) May 24, 2022
westonsteimel
xxl-job sensitive data exposure High
CVE-2020-23811 was published for com.xuxueli:xxl-job (Maven) May 24, 2022
Keycloak leaks sensitive information in logged exceptions Moderate
CVE-2020-1698 was published for org.keycloak:keycloak-core (Maven) May 24, 2022
Improper Input Validation in Undertow High
CVE-2020-1757 was published for io.undertow:undertow-core (Maven) May 24, 2022
yawkat
Jenkins Diagnostic page exposed session cookies Moderate
CVE-2020-2103 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch Moderate
CVE-2019-7619 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
Exposure of Sensitive Information in Apache Storm Logviewer High
CVE-2019-0202 was published for org.apache.storm:storm-core (Maven) May 24, 2022
Insertion of Sensitive Information into Externally-Accessible File or Directory in Jenkins Credentials Plugin Moderate
CVE-2019-10320 was published for org.jenkins-ci.plugins:credentials (Maven) May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient Moderate
CVE-2011-1498 was published for org.apache.httpcomponents:httpclient (Maven) May 17, 2022
MarkLee131
OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled Low
CVE-2011-4457 was published for com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (Maven) May 17, 2022
Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests Moderate
CVE-2011-3375 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Spring Security Moderate
CVE-2012-5055 was published for org.springframework.security:spring-security-core (Maven) May 17, 2022
Apache Rave information disclosure vulnerability Moderate
CVE-2013-1814 was published for org.apache.rave:rave-core (Maven) May 17, 2022
q5438722
Eucalyptus Unauthorized Access to CC/NC Log Files Moderate
CVE-2013-4766 was published for org.jclouds.api:eucalyptus (Maven) May 17, 2022
Apache Shindig PHP Sensitive Information Disclosure Moderate
CVE-2013-4295 was published for org.apache.shindig:shindig-php (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in JGroup Moderate
CVE-2013-4112 was published for org.jgroups:jgroups (Maven) May 17, 2022
Jenkins allows attackers to determine whether a user exists Moderate
CVE-2014-2064 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2014-3662 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database