GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,237
Erlang: 31
GitHub Actions: 20
Go: 1,996
Maven: 5,000+
npm: 3,709
NuGet: 661
pip: 3,348
Pub: 11
RubyGems: 885
Rust: 846
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
20,659 advisories
Jenkins Data Theorem Mobile Security: CI/CD Plugin has Insufficiently Protected Credentials
Moderate | CVE-2019-10413 was published for com.datatheorem.mobileappsecurity.jenkins.plugin:datatheorem-mobile-app-security (Maven) | May 24, 2022

Missing permission check in Jenkins Project Inheritance Plugin
Moderate | CVE-2019-10409 was published for hudson.plugins:project-inheritance (Maven) | May 24, 2022

Jenkins Log Parser Plugin vulnerable to Cross-site Scripting
Moderate | CVE-2019-10410 was published for org.jenkins-ci.plugins:log-parser (Maven) | May 24, 2022

Jenkins Inedo ProGet Plugin Plugin has Cleartext Transmission of Sensitive Information
Low | CVE-2019-10412 was published for com.inedo.proget:inedo-proget (Maven) | May 24, 2022

Yii Framework Code Injection
High | CVE-2018-8074 was published for yiisoft/yii2-dev (Composer) | May 24, 2022

Devise Token Auth vulnerable to Cross-site Scripting
Moderate | CVE-2019-16751 was published for devise_token_auth (RubyGems) | May 24, 2022

Joomla! XSS in Default Templates
Moderate | CVE-2019-16725 was published for joomla/joomla-cms (Composer) | May 24, 2022

Use of Insufficiently Random Values in Apereo CAS
High | CVE-2019-10754 was published for org.apereo.cas:cas-server-core-services-api (Maven) | May 24, 2022

Cross-site Scripting in Apache JSPWiki
Moderate | CVE-2019-12407 was published for org.apache.jspwiki:jspwiki-main (Maven) | May 24, 2022

Home Assistant information disclosure vulnerability
High | CVE-2018-21019 was published for homeassistant (pip) | May 24, 2022

Pagekit User enumeration
Moderate | CVE-2019-16669 was published for pagekit/pagekit (Composer) | May 24, 2022

Drupal Cross Site Scripting (XSS) vulnerability
Moderate | CVE-2019-6341 was published for drupal/core (Composer) | May 24, 2022

Use of a weak cryptographic algorithm in Gradle
Low | CVE-2019-16370 was published for org.gradle:gradle-core (Maven) | May 24, 2022

Pimcore RCE via PHAR upload
High | CVE-2019-16317 was published for pimcore/pimcore (Composer) | May 24, 2022

Pimcore Unrestricted Upload of File with Dangerous Type
High | CVE-2019-16318 was published for pimcore/pimcore (Composer) | May 24, 2022

Jenkins Aqua Security Serverless Scanner Plugin showed plain text password in job configuration form fields
Low | CVE-2019-10397 was published for org.jenkins-ci.plugins:aqua-serverless (Maven) | May 24, 2022

Jenkins Build Environment Plugin vulnerable to Cross-site Scripting
Moderate | CVE-2019-10395 was published for org.jenkins-ci.plugins:build-environment (Maven) | May 24, 2022

Jenkins Dashboard View Plugin vulnerable to Cross-site Scripting
Moderate | CVE-2019-10396 was published for org.jenkins-ci.plugins:dashboard-view (Maven) | May 24, 2022

Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials
Low | CVE-2019-10398 was published for org.jenkins-ci.plugins:beaker-builder (Maven) | May 24, 2022

Sandbox bypass vulnerability in Jenkins Script Security Plugin
Moderate | CVE-2019-10399 was published for org.jenkins-ci.plugins:script-security (Maven) | May 24, 2022

Sandbox bypass vulnerability in Jenkins Script Security Plugin
Moderate | CVE-2019-10394 was published for org.jenkins-ci.plugins:script-security (Maven) | May 24, 2022

Sandbox bypass vulnerability in Jenkins Script Security Plugin
Moderate | CVE-2019-10400 was published for org.jenkins-ci.plugins:script-security (Maven) | May 24, 2022

Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin
High | CVE-2019-10392 was published for org.jenkins-ci.plugins:git-client (Maven) | May 24, 2022

Sandbox bypass vulnerability in Script Security Plugin
Moderate | CVE-2019-10393 was published for org.jenkins-ci.plugins:script-security (Maven) | May 24, 2022

ProTip! Advisories are also available from the GraphQL API.