GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,434
Erlang
29
GitHub Actions
16
Go
1,660
Maven
4,922
npm
3,450
NuGet
594
pip
2,840
Pub
10
RubyGems
823
Rust
764
Swift
34
Unreviewed advisories
All unreviewed
5,000+
18,360 advisories
Filter by severity
Keycloak Reflected XSS
Moderate
CVE-2017-12158
was published
for
org.keycloak:keycloak-parent
(Maven)
May 13, 2022
Keycloak CSRF Vulnerability
High
CVE-2017-12159
was published
for
org.keycloak:keycloak-parent
(Maven)
May 13, 2022
Incorrect Authorization in Undertow
Moderate
CVE-2017-12196
was published
for
io.undertow:undertow-core
(Maven)
May 13, 2022
Improper Input Validation in libpam4j
Moderate
CVE-2017-12197
was published
for
org.kohsuke:libpam4j
(Maven)
May 13, 2022
ovirt-engine Logs Plaintext Passwords To File
Moderate
CVE-2017-15113
was published
for
org.ovirt.engine.sdk:ovirt-engine-sdk-java
(Maven)
May 13, 2022
•
withdrawn
Inadequate Encryption Strength in Jenkins
Moderate
CVE-2017-2598
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Incomplete List of Disallowed Inputs in Jenkins
Moderate
CVE-2017-2602
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Path Traversal in io.hawt:project
High
CVE-2017-2594
was published
for
io.hawt:project
(Maven)
May 13, 2022
Insecure cookie sharing in Hawtio
Critical
CVE-2017-2589
was published
for
io.hawt:project
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Moderate
CVE-2017-2600
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Improper Neutralization of Input During Web Page Generation in Jenkins
Moderate
CVE-2017-2610
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins
Moderate
CVE-2017-2612
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Moderate
CVE-2017-2606
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Low
CVE-2017-2603
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Jenkins
High
CVE-2017-2608
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Moderate
CVE-2017-2609
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Cross-Site Request Forgery in Jenkins
Moderate
CVE-2017-2613
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Improper Authentication in Jenkins
Moderate
CVE-2017-2604
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Improper Neutralization of Input During Web Page Generation in Jenkins
Moderate
CVE-2017-2607
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Infinispan Rest API Does Not Enforce Auth Constraints
Moderate
CVE-2017-2638
was published
for
org.infinispan:infinispan-server-core
(Maven)
May 13, 2022
Jenkins Active Directory Plugin did not verify certificate of AD server
High
CVE-2017-2649
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
May 13, 2022
hammer_cli_foreman Improper Certificate Validation vulnerability
High
CVE-2017-2667
was published
for
hammer_cli_foreman
(RubyGems)
May 13, 2022
Jenkins SSH Build Agents Plugin did not verify host keys
Moderate
CVE-2017-2648
was published
for
org.jenkins-ci.plugins:ssh-slaves
(Maven)
May 13, 2022
Missing permission checks in Jenkins Distributed Fork Plugin
High
CVE-2017-2652
was published
for
org.jenkins-ci.plugins:distfork
(Maven)
May 13, 2022
Emails were sent to addresses not associated with actual users of Jenkins by Email Extension Plugin
Moderate
CVE-2017-2654
was published
for
org.jenkins-ci.plugins:email-ext
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API