GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,704 advisories
Filter by severity
Jenkins Libvirt Slaves Plugin vlnerable to Incorrect Default Permissions
Moderate
CVE-2019-10472
was published
for
org.jenkins-ci.plugins:libvirt-slave
(Maven)
May 24, 2022
Jenkins Global Post Script Plugin missing permission check
Moderate
CVE-2019-10474
was published
for
org.jenkins-ci.plugins:global-post-script
(Maven)
May 24, 2022
Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials
High
CVE-2019-10460
was published
for
org.jenkins-ci.plugins:bitbucket-oauth
(Maven)
May 24, 2022
Jenkins Sonar Gerrit Plugin stores credentials unencrypted
Moderate
CVE-2019-10467
was published
for
org.jenkins-ci.plugins:sonar-gerrit
(Maven)
May 24, 2022
Jenkins Dynatrace Plugin vulnerable to Cross-Site Request Forgery
High
CVE-2019-10462
was published
for
org.jenkins-ci.plugins:dynatrace-dashboard
(Maven)
May 24, 2022
Jenkins Dynatrace Plugin contains Incorrect Default Permissions
Moderate
CVE-2019-10463
was published
for
org.jenkins-ci.plugins:dynatrace-dashboard
(Maven)
May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration
Moderate
CVE-2019-10470
was published
for
com.elasticbox.jenkins-ci.plugins:kubernetes-ci
(Maven)
May 24, 2022
Jenkins Libvirt Slaves Plugin vlnerable to Credential Enumeration
Moderate
CVE-2019-10473
was published
for
org.jenkins-ci.plugins:libvirt-slave
(Maven)
May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Cross-Site Request Forgery
High
CVE-2019-10468
was published
for
com.elasticbox.jenkins-ci.plugins:kubernetes-ci
(Maven)
May 24, 2022
Jenkins Libvirt Slaves Plugin vlnerable to Cross-Site Request Forgery
High
CVE-2019-10471
was published
for
org.jenkins-ci.plugins:libvirt-slave
(Maven)
May 24, 2022
Jenkins Deploy WebLogic Plugin missing permission check
Moderate
CVE-2019-10465
was published
for
org.jenkins-ci.plugins:weblogic-deployer-plugin
(Maven)
May 24, 2022
Jenkins Deploy WebLogic Plugin cross-site request forgery vulnerability
High
CVE-2019-10464
was published
for
org.jenkins-ci.plugins:weblogic-deployer-plugin
(Maven)
May 24, 2022
Jenkins 360 FireLine Plugin vulnerable to XML External Entity Reference
High
CVE-2019-10466
was published
for
org.jenkins-ci.plugins.plugin:fireline
(Maven)
May 24, 2022
Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token
Moderate
CVE-2019-10459
was published
for
org.jenkins-ci.plugins:mattermost
(Maven)
May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Improper Authorization
Moderate
CVE-2019-10469
was published
for
com.elasticbox.jenkins-ci.plugins:kubernetes-ci
(Maven)
May 24, 2022
Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager
High
CVE-2019-16530
was published
for
org.sonatype.nexus:nexus-repository
(Maven)
May 24, 2022
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability
High
CVE-2019-18197
was published
for
nokogiri
(RubyGems)
May 24, 2022
Yii SQL injection vulnerability
Critical
CVE-2018-7269
was published
for
yiisoft/yii2-dev
(Composer)
May 24, 2022
Dolibarr Cross-site Scripting via outgoing email setup feature
Moderate
CVE-2019-17577
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Dolibarr Cross-site Scripting via outgoing email setup feature
Moderate
CVE-2019-17576
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Dolibarr Cross-site Scripting vulnerability
Moderate
CVE-2019-17578
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
sr_freecap for Typo3 RCE Vulnerability
Critical
CVE-2019-16699
was published
for
sjbr/sr-freecap
(Composer)
May 24, 2022
Dolibarr ERP and CRM HTML Injection
Moderate
CVE-2019-17223
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
slub_events for Typo3 Arbitrary File Upload
Critical
CVE-2019-16700
was published
for
slub/slub-events
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API