GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,964
Erlang: 29
GitHub Actions: 16
Go: 1,746
Maven: 4,974
npm: 3,507
NuGet: 609
pip: 3,071
Pub: 10
RubyGems: 832
Rust: 780
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
19,342 advisories
XML External Entity Reference in Jenkins FindBugs Plugin
High: CVE-2018-1000011 was published for org.jvnet.hudson.plugins.findbugs:library (Maven), May 14, 2022

XXE vulnerability Jenkins Warnings Plugin
High: CVE-2018-1000012 was published for org.jvnet.hudson.plugins:warnings (Maven), May 14, 2022

CSRF vulnerability in Jenkins Translation Assistance plugin
High: CVE-2018-1000014 was published for org.jenkins-ci.plugins:translation (Maven), May 14, 2022

CSRF vulnerability in Jenkins Release plugin
High: CVE-2018-1000013 was published for org.jenkins-ci.plugins:release (Maven), May 14, 2022

MitM on Jenkins Maven Plugin
Moderate: CVE-2017-1000397 was published for org.jenkins-ci.main:maven-plugin (Maven), May 14, 2022

Jenkins Swarm Plugin Client vulnerable to man-in-the-middle attacks
Moderate: CVE-2017-1000402 was published for org.jenkins-ci.plugins:swarm-client (Maven), May 14, 2022

Jenkins Delivery Pipeline Plugin Cross-site Scripting vulnerability
Moderate: CVE-2017-1000404 was published for se.diabol.jenkins.pipeline:delivery-pipeline-plugin (Maven), May 14, 2022

Cross-Site Request Forgery (CSRF) vulnerability in Jenkins global-build-stats plugin
Moderate: CVE-2017-1000389 was published for org.jenkins-ci.plugins:global-build-stats (Maven), May 14, 2022

Exposure of Sensitive Information to an Unauthorized Actor Jenkins Script Security Plugin
Moderate: CVE-2017-1000505 was published for org.jenkins-ci.plugins:script-security (Maven), May 14, 2022

Yii Framework Cross-Site Request Forgery (CSRF)
High: CVE-2018-6009 was published for yiisoft/yii2 (Composer), May 14, 2022

Race Condition in Jenkins
High: CVE-2017-1000503 was published for org.jenkins-ci.main:jenkins-core (Maven), May 14, 2022

Apache NiFi XSS issue in context path handling
Critical: CVE-2017-15697 was published for org.apache.nifi:nifi (Maven), May 14, 2022

Arbitrary shell command execution in Jenkins EC2 Plugin
High: CVE-2017-1000502 was published for org.jenkins-ci.plugins:ec2 (Maven), May 14, 2022

Apache NiFi host header poisoning issue
High: CVE-2017-12632 was published for org.apache.nifi:nifi (Maven), May 14, 2022

SilverStripe CSV Excel Macro Injection
Moderate: CVE-2017-18049 was published for silverstripe/framework (Composer), May 14, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt
High: CVE-2014-9970 was published for org.jasypt:jasypt (Maven), May 14, 2022

Echor Ruby Gem credentials can be stolen via process table monitoring
High: CVE-2014-1835 was published for echor (RubyGems), May 14, 2022

Cross-Site Request Forgery in Jenkins
High: CVE-2017-1000356 was published for org.jenkins-ci.main:jenkins-core (Maven), May 14, 2022

Deserialization of Untrusted Data in Jenkins
Moderate: CVE-2017-1000355 was published for org.jenkins-ci.main:jenkins-core (Maven), May 14, 2022

SimpleSAMLphp Open redirection protection bypass
Moderate: CVE-2018-6520 was published for simplesamlphp/simplesamlphp (Composer), May 14, 2022

dijit editor cross-site scripting vulnerability
Moderate: CVE-2018-6561 was published for dijit (npm), May 14, 2022

Improper Authentication in Jenkins
High: CVE-2017-1000354 was published for org.jenkins-ci.main:jenkins-core (Maven), May 14, 2022

Cross site scripting in Croogo
Moderate: CVE-2017-1000510 was published for croogo/croogo (Composer), May 14, 2022

Mautic Cross Site Scripting (XSS) vulnerability
Moderate: CVE-2017-1000506 was published for mautic/core (Composer), May 14, 2022
ProTip! Advisories are also available from the GraphQL API.