Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

20,704 advisories

Loading
phpBB Cross-Site Request Forgery (CSRF) High
CVE-2019-16993 was published for phpbb/phpbb (Composer) May 24, 2022
Dolibarr stored Cross-site Scripting vulnerability Moderate
CVE-2019-16685 was published for dolibarr/dolibarr (Composer) May 24, 2022
Dolibarr Cross-site Scripting in a User Note section Moderate
CVE-2019-16686 was published for dolibarr/dolibarr (Composer) May 24, 2022
Dolibarr Cross-site Scripting in a User Profile in a Signature section Moderate
CVE-2019-16687 was published for dolibarr/dolibarr (Composer) May 24, 2022
Dolibarr stored Cross-site Scripting in an Email Template section Moderate
CVE-2019-16688 was published for dolibarr/dolibarr (Composer) May 24, 2022
phpBB Cross-Site Request Forgery (CSRF) Moderate
CVE-2019-13376 was published for phpbb/phpbb (Composer) May 24, 2022
MediaWiki information disclosure Moderate
CVE-2019-16738 was published for mediawiki/core (Composer) May 24, 2022
SilverStripe asset-admin Cross-site Scripting (XSS) Moderate
CVE-2019-14272 was published for silverstripe/framework (Composer) May 24, 2022
Silverstripe Flash Clipboard Reflected XSS Moderate
CVE-2019-12205 was published for silverstripe/admin (Composer) May 24, 2022
maxime-rainville GuySartorelli
G-Rath
Jenkins elOyente Plugin has Insufficiently Protected Credentials Low
CVE-2019-10424 was published for com.technicolor:elOyente (Maven) May 24, 2022
Jenkins Google Calendar Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-10425 was published for org.jenkins-ci.plugins:gcal (Maven) May 24, 2022
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin Critical
CVE-2019-10417 was published for io.fabric8.pipeline:kubernetes-pipeline-steps (Maven) May 24, 2022
westonsteimel
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin Critical
CVE-2019-10418 was published for io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps (Maven) May 24, 2022
westonsteimel
Jenkins CodeScan Plugin has Insufficiently Protected Credentials Low
CVE-2019-10423 was published for com.villagechief.codescan.jenkins:codescan (Maven) May 24, 2022
Jenkins Assembla Plugin has Insufficiently Protected Credentials Low
CVE-2019-10420 was published for org.jenkins-ci.plugins:assembla (Maven) May 24, 2022
Jenkins Call Remote Job Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-10422 was published for org.ukiuni.callOtherJenkins:call-remote-job-plugin (Maven) May 24, 2022
Jenkins vFabric Application Director Plugin Insufficiently Protected Credentials Low
CVE-2019-10419 was published for org.jenkins-ci.plugins:application-director-plugin (Maven) May 24, 2022
Jenkins Azure Event Grid Build Notifier Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-10421 was published for org.jenkins-ci.plugins:azure-event-grid-notifier (Maven) May 24, 2022
Jenkins Violation Comments to GitLab Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-10415 was published for org.jenkins-ci.plugins:violation-comments-to-gitlab (Maven) May 24, 2022
Violation Comments to GitLab Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-10416 was published for org.jenkins-ci.plugins:violation-comments-to-gitlab (Maven) May 24, 2022
Jenkins Git Changelog Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-10414 was published for de.wellnerbou.jenkins:git-changelog (Maven) May 24, 2022
Jenkins Inedo BuildMaster Plugin showed plain text password in configuration form Low
CVE-2019-10411 was published for com.inedo.proget:inedo-proget (Maven) May 24, 2022
Jenkins Project Inheritance Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2019-10408 was published for hudson.plugins:project-inheritance (Maven) May 24, 2022
Jenkins Data Theorem Mobile Security: CI/CD Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-10413 was published for com.datatheorem.mobileappsecurity.jenkins.plugin:datatheorem-mobile-app-security (Maven) May 24, 2022
Missing permission check in Jenkins Project Inheritance Plugin Moderate
CVE-2019-10409 was published for hudson.plugins:project-inheritance (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database