Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

20,704 advisories

Loading
Jenkins build-metrics Plugin reflected cross-site scripting vulnerability Moderate
CVE-2019-10475 was published for org.jenkins-ci.plugins:build-metrics (Maven) May 24, 2022
q5438722
Jenkins Global Post Script Plugin missing permission check Moderate
CVE-2019-10474 was published for org.jenkins-ci.plugins:global-post-script (Maven) May 24, 2022
Jenkins Sonar Gerrit Plugin stores credentials unencrypted Moderate
CVE-2019-10467 was published for org.jenkins-ci.plugins:sonar-gerrit (Maven) May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration Moderate
CVE-2019-10470 was published for com.elasticbox.jenkins-ci.plugins:kubernetes-ci (Maven) May 24, 2022
Jenkins Dynatrace Plugin contains Incorrect Default Permissions Moderate
CVE-2019-10463 was published for org.jenkins-ci.plugins:dynatrace-dashboard (Maven) May 24, 2022
Jenkins Dynatrace Plugin vulnerable to Cross-Site Request Forgery High
CVE-2019-10462 was published for org.jenkins-ci.plugins:dynatrace-dashboard (Maven) May 24, 2022
Jenkins Deploy WebLogic Plugin missing permission check Moderate
CVE-2019-10465 was published for org.jenkins-ci.plugins:weblogic-deployer-plugin (Maven) May 24, 2022
Jenkins Deploy WebLogic Plugin cross-site request forgery vulnerability High
CVE-2019-10464 was published for org.jenkins-ci.plugins:weblogic-deployer-plugin (Maven) May 24, 2022
Jenkins Libvirt Slaves Plugin vlnerable to Credential Enumeration Moderate
CVE-2019-10473 was published for org.jenkins-ci.plugins:libvirt-slave (Maven) May 24, 2022
Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials High
CVE-2019-10460 was published for org.jenkins-ci.plugins:bitbucket-oauth (Maven) May 24, 2022
Jenkins Libvirt Slaves Plugin vlnerable to Cross-Site Request Forgery High
CVE-2019-10471 was published for org.jenkins-ci.plugins:libvirt-slave (Maven) May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Cross-Site Request Forgery High
CVE-2019-10468 was published for com.elasticbox.jenkins-ci.plugins:kubernetes-ci (Maven) May 24, 2022
Jenkins 360 FireLine Plugin vulnerable to XML External Entity Reference High
CVE-2019-10466 was published for org.jenkins-ci.plugins.plugin:fireline (Maven) May 24, 2022
Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token Moderate
CVE-2019-10459 was published for org.jenkins-ci.plugins:mattermost (Maven) May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Improper Authorization Moderate
CVE-2019-10469 was published for com.elasticbox.jenkins-ci.plugins:kubernetes-ci (Maven) May 24, 2022
Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager High
CVE-2019-16530 was published for org.sonatype.nexus:nexus-repository (Maven) May 24, 2022
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability High
CVE-2019-18197 was published for nokogiri (RubyGems) May 24, 2022
Yii SQL injection vulnerability Critical
CVE-2018-7269 was published for yiisoft/yii2-dev (Composer) May 24, 2022
Rambox RCE Vulnerability Critical
CVE-2019-17625 was published for Rambox (npm) May 24, 2022
Dolibarr Cross-site Scripting via outgoing email setup feature Moderate
CVE-2019-17577 was published for dolibarr/dolibarr (Composer) May 24, 2022
Dolibarr Cross-site Scripting via outgoing email setup feature Moderate
CVE-2019-17576 was published for dolibarr/dolibarr (Composer) May 24, 2022
Dolibarr Cross-site Scripting vulnerability Moderate
CVE-2019-17578 was published for dolibarr/dolibarr (Composer) May 24, 2022
slub_events for Typo3 Arbitrary File Upload Critical
CVE-2019-16700 was published for slub/slub-events (Composer) May 24, 2022
sr_freecap for Typo3 RCE Vulnerability Critical
CVE-2019-16699 was published for sjbr/sr-freecap (Composer) May 24, 2022
Dolibarr ERP and CRM HTML Injection Moderate
CVE-2019-17223 was published for dolibarr/dolibarr (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database