Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,704 advisories

Loading
Jenkins CRX Content Package Deployer Plugin subject to Cross-Site Request Forgery High
CVE-2019-10437 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven) May 24, 2022
Keycloak Unauthenticated Access High
CVE-2019-14832 was published for org.keycloak:keycloak-model-infinispan (Maven) May 24, 2022
Wildfly Authorization Misconfiguration Moderate
CVE-2019-14838 was published for org.wildfly.core:wildfly-host-controller (Maven) May 24, 2022
Ansible leaks sensitive information to logs when told not to Moderate
CVE-2019-14858 was published for ansible (pip) May 24, 2022
Craft CMS XSS Vulnerability Moderate
CVE-2019-17496 was published for craftcms/cms (Composer) May 24, 2022
z-song laravel-admin XSS via the Slug or Name on the Roles screen Moderate
CVE-2019-17433 was published for encore/laravel-admin (Composer) May 24, 2022
koji hub allows arbitrary upload destinations High
CVE-2019-17109 was published for koji (pip) May 24, 2022
OpenStack Octavia Amphora-Agent not requiring Client-Certificate Critical
CVE-2019-17134 was published for octavia (pip) May 24, 2022
Centreon Does Not Set HTTPOnly Flag High
CVE-2019-17104 was published for centreon/centreon (Composer) May 24, 2022
Centreon Sensitive Data Exposure Moderate
CVE-2019-17106 was published for centreon/centreon (Composer) May 24, 2022
Ansible Uses Plugins That Disclose Credentials High
CVE-2019-14846 was published for ansible (pip) May 24, 2022
Centreon Privilege Escalation Critical
CVE-2018-21025 was published for centreon/centreon (Composer) May 24, 2022
TeamPass Stored Cross-site Scripting Moderate
CVE-2019-17205 was published for nilsteampassnet/teampass (Composer) May 24, 2022
TeamPass Stored Cross-site Scripting Moderate
CVE-2019-17204 was published for nilsteampassnet/teampass (Composer) May 24, 2022
TeamPass Stored Cross-site Scripting Moderate
CVE-2019-17203 was published for nilsteampassnet/teampass (Composer) May 24, 2022
wolfCrypt leaks cryptographic information via timing side channel Moderate
CVE-2019-13628 was published for wolfcrypt (pip) May 24, 2022
Cross-site Scripting in Eclipse Mojarra Moderate
CVE-2019-17091 was published for org.glassfish:jakarta.faces (Maven) May 24, 2022
Cargo prior to Rust 1.26.0 may download the wrong dependency High
CVE-2019-16760 was published for cargo (Rust) May 24, 2022
Cleartext Transmission of Sensitive Information in Apache MINA High
CVE-2019-0231 was published for org.apache.mina:mina-core (Maven) May 24, 2022
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl Critical
CVE-2019-10202 was published for org.codehaus.jackson:jackson-mapper-asl (Maven) May 24, 2022
Improper Control of Generation of Code in Jenkins Script Security Plugin Critical
CVE-2019-10431 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
dbolkensteyn
Jenkins LDAP Email Plugin shows plain text password in configuration form Low
CVE-2019-10434 was published for com.mtvi.plateng.hudson:ldapemail (Maven) May 24, 2022
DingTalk Plugin stores credentials in plain text Low
CVE-2019-10433 was published for io.jenkins.plugins:dingding-notifications (Maven) May 24, 2022
Jenkins SourceGear Vault plugin transmits credentials in plain text High
CVE-2019-10435 was published for org.jenkins-ci.plugins:vault-scm-plugin (Maven) May 24, 2022
Jenkins HTML Publisher Plugin vulnerable to Cross-site Scripting Moderate
CVE-2019-10432 was published for org.jenkins-ci.plugins:htmlpublisher (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API