Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,476
Erlang
33
GitHub Actions
24
Go
2,203
Maven
5,000+
npm
3,852
NuGet
696
pip
3,637
Pub
12
RubyGems
911
Rust
913
Swift
38
Unreviewed advisories
All unreviewed
5,000+

288 advisories

Loading
Jenkins Zoho QEngine Plugin Displays Unmasked API Keys Low
CVE-2025-30197 was published for io.jenkins.plugins:zohoqengine (Maven) Mar 19, 2025
Apache Seata Vulnerable to Data Amplification Low
CVE-2024-54016 was published for org.apache.seata:seata-parent (Maven) Mar 20, 2025
Apache Seata Vulnerable to Deserialization of Untrusted Data Low
CVE-2024-47552 was published for org.apache.seata:seata-config-core (Maven) Mar 20, 2025
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials Low
CVE-2024-47197 was published for org.apache.maven.plugins:maven-archetype-plugin (Maven) Sep 26, 2024
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability Low
CVE-2024-45384 was published for org.apache.druid.extensions:druid-pac4j (Maven) Sep 17, 2024
Snowflake JDBC Driver client-side encryption key in DEBUG logs Low
CVE-2025-27496 was published for net.snowflake:snowflake-jdbc (Maven) Mar 13, 2025
Jenkins Zoom Plugin is Missing Password Field Masking Low
CVE-2025-0148 was published for io.jenkins.plugins:zoom (Maven) Feb 4, 2025
Jenkins allows Cross-Site Scripting (XSS) Low
CVE-2011-4344 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins allows Cross-Site Scripting (XSS) Low
CVE-2015-1813 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins Vulnerable to Denial of Service (DoS) Low
CVE-2015-1808 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins allows Cross-Site Scripting (XSS) in User Configuration Low
CVE-2013-5573 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins Build Failure Analyzer Plugin allows Cross-Site Scripting (XSS) Low
CVE-2013-6374 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) May 17, 2022
Jenkins allows Cross-Site Scripting (XSS) Low
CVE-2012-6074 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Jenkins affected by Open Redirect Vulnerability Low
CVE-2012-6073 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Jenkins allows Cross-Site Scripting (XSS) Low
CVE-2015-5326 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack Low
CVE-2015-5318 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins allows Cross-Site Scripting (XSS) Low
CVE-2012-0325 was published for org.jenkins-ci.main:jenkins-core (Maven) May 4, 2022
Jenkins allows Cross-Site Scripting (XSS) Low
CVE-2012-0324 was published for org.jenkins-ci.main:jenkins-core (Maven) May 4, 2022
Apache Ranger Improper Neutralization of Formula Elements vulnerability Low
CVE-2024-55532 was published for org.apache.ranger:security-admin-web (Maven) Mar 3, 2025
Keycloak allows cross-site scripting (XSS) Low
CVE-2024-4028 was published for org.keycloak:keycloak-core (Maven) Feb 18, 2025
Apache NiFi: Missing Complete Authorization for Parameter and Service References Low
CVE-2024-56512 was published for org.apache.nifi:nifi-web-api (Maven) Dec 28, 2024
exceptionfactory
PMD Designer's release key passphrase (GPG) available on Maven Central in cleartext Low
CVE-2025-23215 was published for net.sourceforge.pmd:pmd-core (Maven) Jan 31, 2025
hboutemy
Apache Cocoon vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator Low
CVE-2025-24783 was published for org.apache.cocoon:cocoon-forms-impl (Maven) Jan 27, 2025
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability Low
CVE-2024-52800 was published for org.verapdf:core (Maven) Dec 2, 2024
QOS.CH logback-core Server-Side Request Forgery vulnerability Low
CVE-2024-12801 was published for ch.qos.logback:logback-core (Maven) Dec 19, 2024
HTHou pjfanning
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database