Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

57 advisories

Loading
archivy is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4162 was published for archivy (pip) Jan 6, 2022
westonsteimel
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
joakime faroukfaiz10
DuyTran-TomTom derekheld ebickle westonsteimel
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin Moderate
CVE-2022-20616 was published for org.jenkins-ci.plugins:credentials-binding (Maven) Jan 13, 2022
NotMyFault westonsteimel
secjoker
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat Moderate
CVE-2024-23672 was published for org.apache.tomcat.embed:tomcat-embed-websocket (Maven) Mar 13, 2024
westonsteimel
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests Moderate
CVE-2024-24549 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Mar 13, 2024
oscerd westonsteimel
golang.org/x/net/http2 vulnerable to possible excessive memory growth Moderate
CVE-2022-41717 was published for golang.org/x/net (Go) Dec 8, 2022
westonsteimel
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2024-21733 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 19, 2024
westonsteimel
Apache Geronimo Application Server CSRF vulnerabilities Moderate
CVE-2009-0039 was published for org.apache.geronimo.plugins:console (Maven) May 2, 2022
westonsteimel MarkLee131
Denial of service in Jenkins Core Moderate
CVE-2023-27900 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel
Incorrect Permission Preservation in Jenkins Core Moderate
CVE-2023-27902 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel
Jenkins Support Core Plugin stores sensitive data in plain text Moderate
CVE-2022-25187 was published for org.jenkins-ci.plugins:support-core (Maven) Feb 16, 2022
westonsteimel
Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin Moderate
CVE-2022-20614 was published for org.jenkins-ci.plugins:mailer (Maven) Jan 13, 2022
westonsteimel
Cross-Site Request Forgery in Jenkins Mailer Plugin Moderate
CVE-2022-20613 was published for org.jenkins-ci.plugins:mailer (Maven) Jan 13, 2022
NotMyFault westonsteimel
Cross-site Scripting in Jenkins Dashboard View Plugin Moderate
CVE-2021-21649 was published for org.jenkins-ci.plugins:dashboard-view (Maven) Jun 16, 2021
NotMyFault westonsteimel
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin Moderate
CVE-2022-20618 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jan 13, 2022
NotMyFault westonsteimel
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs Moderate
CVE-2022-20620 was published for org.jenkins-ci.plugins:ssh-agent (Maven) Jan 13, 2022
westonsteimel
Cross-Site Request Forgery in Jenkins Credentials Plugin Moderate
CVE-2021-21648 was published for org.jenkins-ci.plugins:credentials (Maven) Jun 16, 2021
NotMyFault westonsteimel
Stored XSS vulnerability in Matrix Project Plugin Moderate
CVE-2022-20615 was published for org.jenkins-ci.plugins:matrix-project (Maven) Jan 13, 2022
westonsteimel
Missing Authorization in Jenkins S3 publisher Plugin Moderate
CVE-2021-21650 was published for org.jenkins-ci.plugins:s3 (Maven) Jun 16, 2021
westonsteimel
Missing Authorization in Jenkins S3 publisher Plugin Moderate
CVE-2021-21651 was published for org.jenkins-ci.plugins:s3 (Maven) Jun 16, 2021
westonsteimel
Missing authorization in Jenkins Kubernetes Plugin Moderate
CVE-2020-2309 was published for org.csanchez.jenkins.plugins:kubernetes (Maven) May 24, 2022
westonsteimel
Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds Moderate
CVE-2021-21647 was published for org.jenkins-ci.plugins:electricflow (Maven) May 24, 2022
NotMyFault westonsteimel
Missing Authorization in Jenkins Kubernetes Plugin Moderate
CVE-2020-2308 was published for org.csanchez.jenkins.plugins:kubernetes (Maven) May 24, 2022
westonsteimel
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin Moderate
CVE-2020-2307 was published for org.csanchez.jenkins.plugins:kubernetes (Maven) May 24, 2022
westonsteimel
Missing Authorization in Jenkins Mercurial Plugin Moderate
CVE-2020-2306 was published for org.jenkins-ci.plugins:mercurial (Maven) May 24, 2022
westonsteimel
ProTip! Advisories are also available from the GraphQL API