Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

20,733 advisories

Loading
Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation Moderate
CVE-2019-10444 was published for org.jenkins-ci.plugins:bumblebee (Maven) May 24, 2022
Jenkins Sofy.AI Plugin stores API token in plain text Moderate
CVE-2019-10447 was published for io.jenkins.plugins:sofy-ai (Maven) May 24, 2022
Improper Limitation of a Pathname to a Restricted Directory in Jenkins Google OAuth Credentials Plugin Moderate
CVE-2019-10436 was published for org.jenkins-ci.plugins:google-oauth-plugin (Maven) May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to Missing Authorization Moderate
CVE-2019-10438 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven) May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to Cross-Site Request Forgery High
CVE-2019-10437 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven) May 24, 2022
Keycloak Unauthenticated Access High
CVE-2019-14832 was published for org.keycloak:keycloak-model-infinispan (Maven) May 24, 2022
Wildfly Authorization Misconfiguration Moderate
CVE-2019-14838 was published for org.wildfly.core:wildfly-host-controller (Maven) May 24, 2022
Ansible leaks sensitive information to logs when told not to Moderate
CVE-2019-14858 was published for ansible (pip) May 24, 2022
Craft CMS XSS Vulnerability Moderate
CVE-2019-17496 was published for craftcms/cms (Composer) May 24, 2022
z-song laravel-admin XSS via the Slug or Name on the Roles screen Moderate
CVE-2019-17433 was published for encore/laravel-admin (Composer) May 24, 2022
koji hub allows arbitrary upload destinations High
CVE-2019-17109 was published for koji (pip) May 24, 2022
OpenStack Octavia Amphora-Agent not requiring Client-Certificate Critical
CVE-2019-17134 was published for octavia (pip) May 24, 2022
Centreon Sensitive Data Exposure Moderate
CVE-2019-17106 was published for centreon/centreon (Composer) May 24, 2022
Centreon Does Not Set HTTPOnly Flag High
CVE-2019-17104 was published for centreon/centreon (Composer) May 24, 2022
Ansible Uses Plugins That Disclose Credentials High
CVE-2019-14846 was published for ansible (pip) May 24, 2022
Centreon Privilege Escalation Critical
CVE-2018-21025 was published for centreon/centreon (Composer) May 24, 2022
TeamPass Stored Cross-site Scripting Moderate
CVE-2019-17205 was published for nilsteampassnet/teampass (Composer) May 24, 2022
TeamPass Stored Cross-site Scripting Moderate
CVE-2019-17203 was published for nilsteampassnet/teampass (Composer) May 24, 2022
TeamPass Stored Cross-site Scripting Moderate
CVE-2019-17204 was published for nilsteampassnet/teampass (Composer) May 24, 2022
wolfCrypt leaks cryptographic information via timing side channel Moderate
CVE-2019-13628 was published for wolfcrypt (pip) May 24, 2022
Cross-site Scripting in Eclipse Mojarra Moderate
CVE-2019-17091 was published for org.glassfish:jakarta.faces (Maven) May 24, 2022
Cargo prior to Rust 1.26.0 may download the wrong dependency High
CVE-2019-16760 was published for cargo (Rust) May 24, 2022
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl Critical
CVE-2019-10202 was published for org.codehaus.jackson:jackson-mapper-asl (Maven) May 24, 2022
Improper Control of Generation of Code in Jenkins Script Security Plugin Critical
CVE-2019-10431 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
dbolkensteyn
DingTalk Plugin stores credentials in plain text Low
CVE-2019-10433 was published for io.jenkins.plugins:dingding-notifications (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database