GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,471
Erlang: 33
GitHub Actions: 24
Go: 2,174
Maven: 5,000+
npm: 3,835
NuGet: 696
pip: 3,511
Pub: 12
RubyGems: 910
Rust: 908
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
2,548 advisories
Improper Certificate Validation in OWASP ZAP
Moderate: CVE-2022-27820 was published for org.zaproxy:zap (Maven) on Mar 25, 2022
Path traversal in Jenkins Phoenix AutoTest Plugin
Moderate: CVE-2022-28156 was published for com.surenpi.jenkins:phoenix-autotest (Maven) on Mar 30, 2022
Cross-site Scripting in Jenkins SiteMonitor Plugin
Moderate: CVE-2022-28153 was published for org.jvnet.hudson.plugins:sitemonitor (Maven) on Mar 30, 2022
Cross site scripting in Shopizer
Moderate: CVE-2022-23059 was published for com.shopizer:shopizer (Maven) on Mar 30, 2022
Improper Restriction of XML External Entity Reference in wutka jox
Moderate: CVE-2021-43142 was published for com.wutka:jox (Maven) on Apr 1, 2022
Unauthenticated user can retrieve the list of users through uorgsuggest.vm
Moderate: CVE-2022-24819 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) on Apr 8, 2022
Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx
Moderate: CVE-2022-24821 was published for org.xwiki.platform:xwiki-platform-skin-skinx (Maven) on Apr 8, 2022
Missing permission checks in Jenkins Publish Over FTP Plugin
Moderate: CVE-2022-29051 was published for org.jenkins-ci.plugins:publish-over-ftp (Maven) on Apr 13, 2022
Missing permission check in Jenkins SSH Plugin
Moderate: CVE-2022-30957 was published for org.jenkins-ci.plugins:ssh (Maven) on May 18, 2022
Private key stored in plain text by Jenkins Google Compute Engine Plugin
Moderate: CVE-2022-29052 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) on Apr 13, 2022
Cross-site Scripting in Jenkins Credentials Plugin
Moderate: CVE-2022-29036 was published for org.jenkins-ci.plugins:credentials (Maven) on Apr 13, 2022
Stored XSS in Jenkins CVS Plugin
Moderate: CVE-2022-29037 was published for org.jenkins-ci.plugins:cvs (Maven) on Apr 13, 2022
Cross-site Scripting in OWASP AntiSamy
Moderate: CVE-2022-28367 was published for org.owasp.antisamy:antisamy (Maven) on Apr 23, 2022
Improper Input Validation in Mortbay Jetty
Moderate: CVE-2006-2759 was published for org.mortbay.jetty:jetty (Maven) on May 1, 2022
Server-Side Request Forgery in Jenkins
Moderate: CVE-2018-1000067 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 13, 2022
Injection in Jenkins
Moderate: CVE-2018-1000193 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 13, 2022
Cross-Site Request Forgery in Jenkins
Moderate: CVE-2018-1000195 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 13, 2022
Improper Restriction of XML External Entity Reference in Castor
Moderate: CVE-2014-3004 was published for org.codehaus.castor:castor (Maven) on May 13, 2022
Improper Neutralization of Input During Web Page Generation in Apache Hadoop
Moderate: CVE-2017-3161 was published for org.apache.hadoop:hadoop-client (Maven) on May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
Moderate: CVE-2018-17244 was published for org.elasticsearch:elasticsearch (Maven) on May 13, 2022
Improper Authentication in Apache Kafka
Moderate: CVE-2017-12610 was published for org.apache.kafka:kafka-clients (Maven) on May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in zt-zip
Moderate: CVE-2018-1002201 was published for org.zeroturnaround:zt-zip (Maven) on May 13, 2022
Cross-Site Request Forgery in Jenkins
Moderate: CVE-2017-2613 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Moderate: CVE-2018-1000169 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 14, 2022
Improper Access Control in Apache Derby
Moderate: CVE-2018-1313 was published for org.apache.derby:derby (Maven) on May 13, 2022
ProTip! Advisories are also available from the GraphQL API.