Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

20,740 advisories

Loading
Missing permission checks in Google Kubernetes Engine Jenkins Plugin Moderate
CVE-2019-10445 was published for org.jenkins-ci.plugins:google-kubernetes-engine (Maven) May 24, 2022
Jenkins iceScrum Plugin vulnerable to Cross-site Request Forgery Moderate
CVE-2019-10441 was published for org.jenkins-ci.plugins:icescrum (Maven) May 24, 2022
Jenkins iceScrum Plugin vulnerable to Missing Authorization Moderate
CVE-2019-10442 was published for org.jenkins-ci.plugins:icescrum (Maven) May 24, 2022
Jenkins Cadence vManager Plugin disables SSL/TLS and hostname verification High
CVE-2019-10446 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 24, 2022
Jenkins iceScrum Plugin stores credentials in Cleartext High
CVE-2019-10443 was published for org.jenkins-ci.plugins:icescrum (Maven) May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization Moderate
CVE-2019-10439 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven) May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin High
CVE-2019-10448 was published for jenkins.xtc:extensivetesting (Maven) May 24, 2022
Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation Moderate
CVE-2019-10444 was published for org.jenkins-ci.plugins:bumblebee (Maven) May 24, 2022
Jenkins Sofy.AI Plugin stores API token in plain text Moderate
CVE-2019-10447 was published for io.jenkins.plugins:sofy-ai (Maven) May 24, 2022
Improper Limitation of a Pathname to a Restricted Directory in Jenkins Google OAuth Credentials Plugin Moderate
CVE-2019-10436 was published for org.jenkins-ci.plugins:google-oauth-plugin (Maven) May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to Missing Authorization Moderate
CVE-2019-10438 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven) May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to Cross-Site Request Forgery High
CVE-2019-10437 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven) May 24, 2022
Keycloak Unauthenticated Access High
CVE-2019-14832 was published for org.keycloak:keycloak-model-infinispan (Maven) May 24, 2022
Wildfly Authorization Misconfiguration Moderate
CVE-2019-14838 was published for org.wildfly.core:wildfly-host-controller (Maven) May 24, 2022
Ansible leaks sensitive information to logs when told not to Moderate
CVE-2019-14858 was published for ansible (pip) May 24, 2022
Craft CMS XSS Vulnerability Moderate
CVE-2019-17496 was published for craftcms/cms (Composer) May 24, 2022
z-song laravel-admin XSS via the Slug or Name on the Roles screen Moderate
CVE-2019-17433 was published for encore/laravel-admin (Composer) May 24, 2022
koji hub allows arbitrary upload destinations High
CVE-2019-17109 was published for koji (pip) May 24, 2022
OpenStack Octavia Amphora-Agent not requiring Client-Certificate Critical
CVE-2019-17134 was published for octavia (pip) May 24, 2022
Centreon Sensitive Data Exposure Moderate
CVE-2019-17106 was published for centreon/centreon (Composer) May 24, 2022
Centreon Does Not Set HTTPOnly Flag High
CVE-2019-17104 was published for centreon/centreon (Composer) May 24, 2022
Ansible Uses Plugins That Disclose Credentials High
CVE-2019-14846 was published for ansible (pip) May 24, 2022
Centreon Privilege Escalation Critical
CVE-2018-21025 was published for centreon/centreon (Composer) May 24, 2022
TeamPass Stored Cross-site Scripting Moderate
CVE-2019-17205 was published for nilsteampassnet/teampass (Composer) May 24, 2022
TeamPass Stored Cross-site Scripting Moderate
CVE-2019-17203 was published for nilsteampassnet/teampass (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database