GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
30 advisories
Filter by severity
Exposure of secrets through system log in Jenkins Structs Plugin
Low
CVE-2024-39458
was published
for
org.jenkins-ci.plugins:structs
(Maven)
Jun 26, 2024
Apache Camel data exposure vulnerability
Low
CVE-2024-22371
was published
for
org.apache.camel:camel-core
(Maven)
Feb 26, 2024
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
Low
CVE-2024-47197
was published
for
org.apache.maven.plugins:maven-archetype-plugin
(Maven)
Sep 26, 2024
Temporary File Information Disclosure vulnerability in MPXJ
Low
CVE-2022-41954
was published
for
mpxj
(Maven)
Nov 28, 2022
In Quarkus, git credentials could be inadvertently published
Low
CVE-2024-1979
was published
for
io.quarkus:quarkus-kubernetes-deployment
(Maven)
Mar 13, 2024
Exposure of Sensitive Information to an Unauthorized Actor in Apache hive
Low
CVE-2018-1284
was published
for
org.apache.hive:hive
(Maven)
Nov 21, 2018
Apache Tomcat information disclosure vulnerability
Low
CVE-2008-4308
was published
for
org.apache.tomcat:tomcat
(Maven)
May 2, 2022
OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled
Low
CVE-2011-4457
was published
for
com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
(Maven)
May 17, 2022
ActiveMQ's OpenWire protocol exposes certain system details as plain text
Low
CVE-2017-15709
was published
for
org.apache.activemq:activemq-openwire-generator
(Maven)
May 13, 2022
Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key
Low
CVE-2018-1999031
was published
for
org.jenkins-ci.plugins:meliora-testlab
(Maven)
May 14, 2022
Support bundles can include user session IDs in Jenkins Support Core Plugin
Low
CVE-2021-21621
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
May 24, 2022
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
Low
CVE-2023-43123
was published
for
org.apache.storm:storm-core
(Maven)
Nov 23, 2023
Vaadin vulnerable to possible information disclosure of class and method names in RPC response
Low
CVE-2023-25500
was published
for
com.vaadin:flow-server
(Maven)
Jun 22, 2023
Secret displayed without masking by Chef Identity Plugin
Low
CVE-2023-39155
was published
for
org.jenkins-ci.plugins:chef-identity
(Maven)
Jul 26, 2023
Information Disclosure in Guava
Low
CVE-2020-8908
was published
for
com.google.guava:guava
(Maven)
Mar 25, 2021
Apache Camel information exposure vulnerability
Low
CVE-2023-34442
was published
for
org.apache.camel:camel-jira
(Maven)
Jul 10, 2023
Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies
Low
CVE-2023-26049
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Apr 18, 2023
Apache Tomcat AJP Connector Information Leak
Low
CVE-2005-3164
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Insecure temporary file usage in Jenkins Git Client Plugin
Low
CVE-2017-1000242
was published
for
org.jenkins-ci.plugins:git-client
(Maven)
May 17, 2022
Directory exposure in jetty
Low
CVE-2021-28163
was published
for
org.eclipse.jetty:jetty-deploy
(Maven)
Apr 6, 2021
Exposure of Sensitive Information in Jenkins Datadog plugin
Low
CVE-2017-1000114
was published
for
org.datadog.jenkins.plugins:datadog
(Maven)
May 17, 2022
Potential sensitive data exposure in applications using Vaadin 15
Low
CVE-2020-36319
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Jenkins GitHub Pull Request Builder Plugin
Low
CVE-2018-1000143
was published
for
org.jenkins-ci.plugins:ghprb
(Maven)
May 14, 2022
Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users
Low
CVE-2018-1000150
was published
for
org.jenkins-ci.plugins:reverse-proxy-auth-plugin
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Low
CVE-2013-2071
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API