GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
10 advisories
Jenkins build-metrics Plugin reflected cross-site scripting vulnerability
Moderate
CVE-2019-10475
was published
for
org.jenkins-ci.plugins:build-metrics
(Maven)
May 24, 2022
User confusion in IronJacamar
Moderate
CVE-2012-3428
was published
for
org.jboss.ironjacamar:ironjacamar-jdbc
(Maven)
May 17, 2022
Apache Rave information disclosure vulnerability
Moderate
CVE-2013-1814
was published
for
org.apache.rave:rave-core
(Maven)
May 17, 2022
Denial of service in Apache Tomcat
Moderate
CVE-2014-0095
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 17, 2022
MitM on Jenkins Maven Plugin
Moderate
CVE-2017-1000397
was published
for
org.jenkins-ci.main:maven-plugin
(Maven)
May 14, 2022
Jenkins Black Duck Detect Plugin information exposure vulnerability
Moderate
CVE-2018-1000191
was published
for
com.synopsys.integration:synopsys-detect
(Maven)
May 14, 2022
Jenkins Credentials Binding Plugin has Insufficiently Protected Credentials
Moderate
CVE-2018-1000057
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
May 13, 2022
Cross-site Scripting in Pivotal Spring Batch Admin
Moderate
CVE-2018-1229
was published
for
org.springframework.batch:spring-batch-admin-manager
(Maven)
May 13, 2022
Elasticsearch subject to cross site scripting
Moderate
CVE-2018-3824
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API