GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,704 advisories
Filter by severity
url_redirect for Typo3 SQLi Vulnerability
High
CVE-2019-16682
was published
for
sfroemken/url_redirect
(Composer)
May 24, 2022
direct_mail for Typo3 sensitive data exposure
Moderate
CVE-2019-16698
was published
for
directmailteam/direct-mail
(Composer)
May 24, 2022
Mulesoft Mule Unsafe Deserialization
Critical
CVE-2019-13116
was published
for
org.mule.runtime:mule
(Maven)
May 24, 2022
Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin
Critical
CVE-2019-10458
was published
for
org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline
(Maven)
May 24, 2022
Jenkins Delphix Plugin vulnerable to Cleartext credential storage
High
CVE-2019-10453
was published
for
org.jenkins-ci.plugins:delphix
(Maven)
May 24, 2022
Jenkins Rundeck Plugin CSRF vulnerability
Moderate
CVE-2019-10454
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
May 24, 2022
Jenkins Oracle Cloud Infrastructure Compute Classic Plugin cross-site request forgery vulnerability
Moderate
CVE-2019-10456
was published
for
org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute-classic
(Maven)
May 24, 2022
Jenkins SOASTA CloudTest Plugin stores API token in plain text
Moderate
CVE-2019-10451
was published
for
com.soasta.jenkins:cloudtest
(Maven)
May 24, 2022
Jenkins View26 Test-Reporting Plugin stores access token in plain text
Moderate
CVE-2019-10452
was published
for
org.jenkins-ci.plugins:view26
(Maven)
May 24, 2022
Missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin
Moderate
CVE-2019-10457
was published
for
org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute-classic
(Maven)
May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin
Low
CVE-2019-10450
was published
for
com.elasticbox.jenkins-ci.plugins:elasticbox
(Maven)
May 24, 2022
Jenkins Fortify on Demand Plugin stores credentials in plain text
Moderate
CVE-2019-10449
was published
for
org.jenkins-ci.plugins:fortify-on-demand-uploader
(Maven)
May 24, 2022
Missing permission check in Jenkins Rundeck Plugin
Moderate
CVE-2019-10455
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
May 24, 2022
Jenkins iceScrum Plugin vulnerable to Cross-site Request Forgery
Moderate
CVE-2019-10441
was published
for
org.jenkins-ci.plugins:icescrum
(Maven)
May 24, 2022
Jenkins Cadence vManager Plugin disables SSL/TLS and hostname verification
High
CVE-2019-10446
was published
for
org.jenkins-ci.plugins:vmanager-plugin
(Maven)
May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin
High
CVE-2019-10448
was published
for
jenkins.xtc:extensivetesting
(Maven)
May 24, 2022
Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation
Moderate
CVE-2019-10444
was published
for
org.jenkins-ci.plugins:bumblebee
(Maven)
May 24, 2022
Jenkins iceScrum Plugin stores credentials in Cleartext
High
CVE-2019-10443
was published
for
org.jenkins-ci.plugins:icescrum
(Maven)
May 24, 2022
Jenkins NeoLoad Plugin stores credentials in cleartext
High
CVE-2019-10440
was published
for
org.jenkins-ci.plugins:neoload-jenkins-plugin
(Maven)
May 24, 2022
Improper Limitation of a Pathname to a Restricted Directory in Jenkins Google OAuth Credentials Plugin
Moderate
CVE-2019-10436
was published
for
org.jenkins-ci.plugins:google-oauth-plugin
(Maven)
May 24, 2022
Jenkins iceScrum Plugin vulnerable to Missing Authorization
Moderate
CVE-2019-10442
was published
for
org.jenkins-ci.plugins:icescrum
(Maven)
May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization
Moderate
CVE-2019-10439
was published
for
org.jenkins-ci.plugins:crx-content-package-deployer
(Maven)
May 24, 2022
Jenkins Sofy.AI Plugin stores API token in plain text
Moderate
CVE-2019-10447
was published
for
io.jenkins.plugins:sofy-ai
(Maven)
May 24, 2022
Missing permission checks in Google Kubernetes Engine Jenkins Plugin
Moderate
CVE-2019-10445
was published
for
org.jenkins-ci.plugins:google-kubernetes-engine
(Maven)
May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to Cross-Site Request Forgery
High
CVE-2019-10437
was published
for
org.jenkins-ci.plugins:crx-content-package-deployer
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API