GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
46 advisories
Filter by severity
HTTP/2 Stream Cancellation Attack
Moderate
CVE-2023-44487
was published
for
com.typesafe.akka:akka-http-core
(Go)
Oct 10, 2023
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin
Moderate
CVE-2022-20616
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
Jan 13, 2022
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat
Moderate
CVE-2024-23672
was published
for
org.apache.tomcat.embed:tomcat-embed-websocket
(Maven)
Mar 13, 2024
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
Moderate
CVE-2024-24549
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Mar 13, 2024
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2024-21733
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 19, 2024
Apache Geronimo Application Server CSRF vulnerabilities
Moderate
CVE-2009-0039
was published
for
org.apache.geronimo.plugins:console
(Maven)
May 2, 2022
Denial of service in Jenkins Core
Moderate
CVE-2023-27900
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
Incorrect Permission Preservation in Jenkins Core
Moderate
CVE-2023-27902
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
Jenkins Support Core Plugin stores sensitive data in plain text
Moderate
CVE-2022-25187
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
Feb 16, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin
Moderate
CVE-2022-20614
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
Jan 13, 2022
Cross-Site Request Forgery in Jenkins Mailer Plugin
Moderate
CVE-2022-20613
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
Jan 13, 2022
Cross-site Scripting in Jenkins Dashboard View Plugin
Moderate
CVE-2021-21649
was published
for
org.jenkins-ci.plugins:dashboard-view
(Maven)
Jun 16, 2021
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin
Moderate
CVE-2022-20618
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jan 13, 2022
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs
Moderate
CVE-2022-20620
was published
for
org.jenkins-ci.plugins:ssh-agent
(Maven)
Jan 13, 2022
Cross-Site Request Forgery in Jenkins Credentials Plugin
Moderate
CVE-2021-21648
was published
for
org.jenkins-ci.plugins:credentials
(Maven)
Jun 16, 2021
Stored XSS vulnerability in Matrix Project Plugin
Moderate
CVE-2022-20615
was published
for
org.jenkins-ci.plugins:matrix-project
(Maven)
Jan 13, 2022
Missing Authorization in Jenkins S3 publisher Plugin
Moderate
CVE-2021-21650
was published
for
org.jenkins-ci.plugins:s3
(Maven)
Jun 16, 2021
Missing Authorization in Jenkins S3 publisher Plugin
Moderate
CVE-2021-21651
was published
for
org.jenkins-ci.plugins:s3
(Maven)
Jun 16, 2021
Missing authorization in Jenkins Kubernetes Plugin
Moderate
CVE-2020-2309
was published
for
org.csanchez.jenkins.plugins:kubernetes
(Maven)
May 24, 2022
Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds
Moderate
CVE-2021-21647
was published
for
org.jenkins-ci.plugins:electricflow
(Maven)
May 24, 2022
Missing Authorization in Jenkins Kubernetes Plugin
Moderate
CVE-2020-2308
was published
for
org.csanchez.jenkins.plugins:kubernetes
(Maven)
May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin
Moderate
CVE-2020-2307
was published
for
org.csanchez.jenkins.plugins:kubernetes
(Maven)
May 24, 2022
Missing Authorization in Jenkins Mercurial Plugin
Moderate
CVE-2020-2306
was published
for
org.jenkins-ci.plugins:mercurial
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Mercurial Plugin
Moderate
CVE-2020-2305
was published
for
org.jenkins-ci.plugins:mercurial
(Maven)
May 24, 2022
Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin
Moderate
CVE-2020-2252
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API