GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
20,892 advisories
Jenkins buildgraph-view Plugin vulnerable to stored Cross-site Scripting
Moderate | CVE-2019-16562 was published for org.jenkins-ci.plugins:buildgraph-view (Maven) | May 24, 2022
Jenkins Team Concert Plugin cross-site request forgery vulnerability
High | CVE-2019-16565 was published for org.jenkins-ci.plugins:teamconcert (Maven) | May 24, 2022
Jenkins WebSphere Deployer Plugin missing permission check
Moderate | CVE-2019-16559 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) | May 24, 2022
Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin
Moderate | CVE-2019-16555 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) | May 24, 2022
Jenkins Maven Release Plug-in Plugin XXE vulnerability
High | CVE-2019-16549 was published for org.jenkins-ci.plugins.m2release:m2release (Maven) | May 24, 2022
Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin
High | CVE-2019-16550 was published for org.jenkins-ci.plugins.m2release:m2release (Maven) | May 24, 2022
Missing permission check in Jenkins Gerrit Trigger Plugin
Moderate | CVE-2019-16552 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) | May 24, 2022
Cross-Site Request Forgery in Jenkins Build Failure Analyzer Plugin
High | CVE-2019-16553 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) | May 24, 2022
Cross-Site Request Forgery in Jenkins Gerrit Trigger Plugin
High | CVE-2019-16551 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) | May 24, 2022
Possible to circumvent title-blacklist
Moderate | CVE-2019-19709 was published for mediawiki/core (Composer) | May 24, 2022
Nokogiri implementation of libxslt vulnerable to heap corruption
High | CVE-2019-5815 was published for nokogiri (RubyGems) | May 24, 2022
Modoboa is vulnerable to an XML External Entity Injection (XXE)
High | CVE-2019-19702 was published for modoboa-dmarc (pip) | May 24, 2022
OpenStack Keystone Credential Leakage
High | CVE-2019-19687 was published for keystone (pip) | May 24, 2022
phpMyAdmin unsanitized Git information
Critical | CVE-2019-19617 was published for phpmyadmin/phpmyadmin (Composer) | May 24, 2022
GitBook allows Cross-site Scripting via a local .md file.
Moderate | CVE-2019-19596 was published for gitbook (npm) | May 24, 2022
Kubernetes CSI Sidecar Containers Can Allow Unauthorized Data Access
Moderate | CVE-2019-11255 was published for github.com/kubernetes-csi/external-provisioner (Go) | May 24, 2022
Keycloak Authentication Error
Critical | CVE-2019-14910 was published for org.keycloak:keycloak-parent (Maven) | May 24, 2022
Keycloak Authentication Error
High | CVE-2019-14909 was published for org.keycloak:keycloak-parent (Maven) | May 24, 2022
Duplicate Advisory: Node CLI Allows Arbitrary File Overwrite
Low | CVE-2016-1000021 was published for cli (npm) | May 24, 2022 | withdrawn
FreeIPA logs passwords embedded in commands in calls using batch
Moderate | CVE-2019-10195 was published for freeipa (pip) | May 24, 2022
Dolibarr ERP and CRM contain XSS Vulnerability
Moderate | CVE-2019-19206 was published for dolibarr/dolibarr (Composer) | May 24, 2022
Ansible password prompts could expose passwords
High | CVE-2019-14856 was published for ansible (pip) | May 24, 2022
Katello cleartext password storage issue
Low | CVE-2019-14825 was published for katello (RubyGems) | May 24, 2022
Pivotal RabbitMQ is vulnerable to a denial of service attack
High | CVE-2019-11287 was published for RabbitMQ (Erlang) | May 24, 2022
Cross-site Scripting in RabbitMQ
Low | CVE-2019-11291 was published for rabbit_common (Erlang) | May 24, 2022
ProTip! Advisories are also available from the GraphQL API