GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,704 advisories
Filter by severity
Jenkins CRX Content Package Deployer Plugin subject to Missing Authorization
Moderate
CVE-2019-10438
was published
for
org.jenkins-ci.plugins:crx-content-package-deployer
(Maven)
May 24, 2022
Keycloak Unauthenticated Access
High
CVE-2019-14832
was published
for
org.keycloak:keycloak-model-infinispan
(Maven)
May 24, 2022
Wildfly Authorization Misconfiguration
Moderate
CVE-2019-14838
was published
for
org.wildfly.core:wildfly-host-controller
(Maven)
May 24, 2022
Ansible leaks sensitive information to logs when told not to
Moderate
CVE-2019-14858
was published
for
ansible
(pip)
May 24, 2022
Craft CMS XSS Vulnerability
Moderate
CVE-2019-17496
was published
for
craftcms/cms
(Composer)
May 24, 2022
z-song laravel-admin XSS via the Slug or Name on the Roles screen
Moderate
CVE-2019-17433
was published
for
encore/laravel-admin
(Composer)
May 24, 2022
koji hub allows arbitrary upload destinations
High
CVE-2019-17109
was published
for
koji
(pip)
May 24, 2022
OpenStack Octavia Amphora-Agent not requiring Client-Certificate
Critical
CVE-2019-17134
was published
for
octavia
(pip)
May 24, 2022
Centreon Does Not Set HTTPOnly Flag
High
CVE-2019-17104
was published
for
centreon/centreon
(Composer)
May 24, 2022
Centreon Sensitive Data Exposure
Moderate
CVE-2019-17106
was published
for
centreon/centreon
(Composer)
May 24, 2022
Ansible Uses Plugins That Disclose Credentials
High
CVE-2019-14846
was published
for
ansible
(pip)
May 24, 2022
Centreon Privilege Escalation
Critical
CVE-2018-21025
was published
for
centreon/centreon
(Composer)
May 24, 2022
TeamPass Stored Cross-site Scripting
Moderate
CVE-2019-17205
was published
for
nilsteampassnet/teampass
(Composer)
May 24, 2022
TeamPass Stored Cross-site Scripting
Moderate
CVE-2019-17204
was published
for
nilsteampassnet/teampass
(Composer)
May 24, 2022
TeamPass Stored Cross-site Scripting
Moderate
CVE-2019-17203
was published
for
nilsteampassnet/teampass
(Composer)
May 24, 2022
wolfCrypt leaks cryptographic information via timing side channel
Moderate
CVE-2019-13628
was published
for
wolfcrypt
(pip)
May 24, 2022
Cross-site Scripting in Eclipse Mojarra
Moderate
CVE-2019-17091
was published
for
org.glassfish:jakarta.faces
(Maven)
May 24, 2022
Cargo prior to Rust 1.26.0 may download the wrong dependency
High
CVE-2019-16760
was published
for
cargo
(Rust)
May 24, 2022
Jenkins SourceGear Vault plugin transmits credentials in plain text
High
CVE-2019-10435
was published
for
org.jenkins-ci.plugins:vault-scm-plugin
(Maven)
May 24, 2022
Jenkins HTML Publisher Plugin vulnerable to Cross-site Scripting
Moderate
CVE-2019-10432
was published
for
org.jenkins-ci.plugins:htmlpublisher
(Maven)
May 24, 2022
Cleartext Transmission of Sensitive Information in Apache MINA
High
CVE-2019-0231
was published
for
org.apache.mina:mina-core
(Maven)
May 24, 2022
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
Critical
CVE-2019-10202
was published
for
org.codehaus.jackson:jackson-mapper-asl
(Maven)
May 24, 2022
Improper Control of Generation of Code in Jenkins Script Security Plugin
Critical
CVE-2019-10431
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Jenkins LDAP Email Plugin shows plain text password in configuration form
Low
CVE-2019-10434
was published
for
com.mtvi.plateng.hudson:ldapemail
(Maven)
May 24, 2022
DingTalk Plugin stores credentials in plain text
Low
CVE-2019-10433
was published
for
io.jenkins.plugins:dingding-notifications
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API