GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19,342 advisories

XML External Entity Reference in Jenkins FindBugs Plugin High
CVE-2018-1000011 was published for org.jvnet.hudson.plugins.findbugs:library (Maven) May 14, 2022
XXE vulnerability Jenkins Warnings Plugin High
CVE-2018-1000012 was published for org.jvnet.hudson.plugins:warnings (Maven) May 14, 2022
CSRF vulnerability in Jenkins Translation Assistance plugin High
CVE-2018-1000014 was published for org.jenkins-ci.plugins:translation (Maven) May 14, 2022
CSRF vulnerability in Jenkins Release plugin High
CVE-2018-1000013 was published for org.jenkins-ci.plugins:release (Maven) May 14, 2022
MitM on Jenkins Maven Plugin Moderate
CVE-2017-1000397 was published for org.jenkins-ci.main:maven-plugin (Maven) May 14, 2022
Jenkins Swarm Plugin Client vulnerable to man-in-the-middle attacks Moderate
CVE-2017-1000402 was published for org.jenkins-ci.plugins:swarm-client (Maven) May 14, 2022
Jenkins Delivery Pipeline Plugin Cross-site Scripting vulnerability Moderate
CVE-2017-1000404 was published for se.diabol.jenkins.pipeline:delivery-pipeline-plugin (Maven) May 14, 2022
Cross-Site Request Forgery (CSRF) vulnerability in Jenkins global-build-stats plugin Moderate
CVE-2017-1000389 was published for org.jenkins-ci.plugins:global-build-stats (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor Jenkins Script Security Plugin Moderate
CVE-2017-1000505 was published for org.jenkins-ci.plugins:script-security (Maven) May 14, 2022
Yii Framework Cross-Site Request Forgery (CSRF) High
CVE-2018-6009 was published for yiisoft/yii2 (Composer) May 14, 2022
Race Condition in Jenkins High
CVE-2017-1000503 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Apache NiFi XSS issue in context path handling Critical
CVE-2017-15697 was published for org.apache.nifi:nifi (Maven) May 14, 2022
Arbitrary shell command execution in Jenkins EC2 Plugin High
CVE-2017-1000502 was published for org.jenkins-ci.plugins:ec2 (Maven) May 14, 2022
Apache NiFi host header poisoning issue High
CVE-2017-12632 was published for org.apache.nifi:nifi (Maven) May 14, 2022
SilverStripe CSV Excel Macro Injection Moderate
CVE-2017-18049 was published for silverstripe/framework (Composer) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt High
CVE-2014-9970 was published for org.jasypt:jasypt (Maven) May 14, 2022
Echor Ruby Gem credentials can be stolen via process table monitoring High
CVE-2014-1835 was published for echor (RubyGems) May 14, 2022
Echor contains Command Injection High
CVE-2014-1834 was published for echor (RubyGems) May 14, 2022
Cross-Site Request Forgery in Jenkins High
CVE-2017-1000356 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Deserialization of Untrusted Data in Jenkins Moderate
CVE-2017-1000355 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
SimpleSAMLphp Open redirection protection bypass Moderate
CVE-2018-6520 was published for simplesamlphp/simplesamlphp (Composer) May 14, 2022
dijit editor cross-site scripting vulnerability Moderate
CVE-2018-6561 was published for dijit (npm) May 14, 2022
Improper Authentication in Jenkins High
CVE-2017-1000354 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Cross site scripting in Croogo Moderate
CVE-2017-1000510 was published for croogo/croogo (Composer) May 14, 2022
Mautic Cross Site Scripting (XSS) vulnerability Moderate
CVE-2017-1000506 was published for mautic/core (Composer) May 14, 2022