GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
20,704 advisories
phpBB Cross-Site Request Forgery (CSRF)
Severity: High. CVE-2019-16993 was published for phpbb/phpbb (Composer) on May 24, 2022.
Dolibarr stored Cross-site Scripting vulnerability
Severity: Moderate. CVE-2019-16685 was published for dolibarr/dolibarr (Composer) on May 24, 2022.
Dolibarr Cross-site Scripting in a User Note section
Severity: Moderate. CVE-2019-16686 was published for dolibarr/dolibarr (Composer) on May 24, 2022.
Dolibarr Cross-site Scripting in a User Profile in a Signature section
Severity: Moderate. CVE-2019-16687 was published for dolibarr/dolibarr (Composer) on May 24, 2022.
Dolibarr stored Cross-site Scripting in an Email Template section
Severity: Moderate. CVE-2019-16688 was published for dolibarr/dolibarr (Composer) on May 24, 2022.
phpBB Cross-Site Request Forgery (CSRF)
Severity: Moderate. CVE-2019-13376 was published for phpbb/phpbb (Composer) on May 24, 2022.
MediaWiki information disclosure
Severity: Moderate. CVE-2019-16738 was published for mediawiki/core (Composer) on May 24, 2022.
SilverStripe asset-admin Cross-site Scripting (XSS)
Severity: Moderate. CVE-2019-14272 was published for silverstripe/framework (Composer) on May 24, 2022.
Jenkins Google Calendar Plugin has Insufficiently Protected Credentials
Severity: Moderate. CVE-2019-10425 was published for org.jenkins-ci.plugins:gcal (Maven) on May 24, 2022.
Silverstripe Flash Clipboard Reflected XSS
Severity: Moderate. CVE-2019-12205 was published for silverstripe/admin (Composer) on May 24, 2022.
Jenkins elOyente Plugin has Insufficiently Protected Credentials
Severity: Low. CVE-2019-10424 was published for com.technicolor:elOyente (Maven) on May 24, 2022.
Jenkins Violation Comments to GitLab Plugin has Insufficiently Protected Credentials
Severity: Moderate. CVE-2019-10415 was published for org.jenkins-ci.plugins:violation-comments-to-gitlab (Maven) on May 24, 2022.
Violation Comments to GitLab Plugin has Insufficiently Protected Credentials
Severity: Moderate. CVE-2019-10416 was published for org.jenkins-ci.plugins:violation-comments-to-gitlab (Maven) on May 24, 2022.
Jenkins Git Changelog Plugin has Insufficiently Protected Credentials
Severity: Moderate. CVE-2019-10414 was published for de.wellnerbou.jenkins:git-changelog (Maven) on May 24, 2022.
Jenkins Assembla Plugin has Insufficiently Protected Credentials
Severity: Low. CVE-2019-10420 was published for org.jenkins-ci.plugins:assembla (Maven) on May 24, 2022.
Jenkins vFabric Application Director Plugin Insufficiently Protected Credentials
Severity: Low. CVE-2019-10419 was published for org.jenkins-ci.plugins:application-director-plugin (Maven) on May 24, 2022.
Jenkins CodeScan Plugin has Insufficiently Protected Credentials
Severity: Low. CVE-2019-10423 was published for com.villagechief.codescan.jenkins:codescan (Maven) on May 24, 2022.
Jenkins Call Remote Job Plugin has Insufficiently Protected Credentials
Severity: Moderate. CVE-2019-10422 was published for org.ukiuni.callOtherJenkins:call-remote-job-plugin (Maven) on May 24, 2022.
Jenkins Azure Event Grid Build Notifier Plugin has Insufficiently Protected Credentials
Severity: Moderate. CVE-2019-10421 was published for org.jenkins-ci.plugins:azure-event-grid-notifier (Maven) on May 24, 2022.
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin
Severity: Critical. CVE-2019-10417 was published for io.fabric8.pipeline:kubernetes-pipeline-steps (Maven) on May 24, 2022.
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin
Severity: Critical. CVE-2019-10418 was published for io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps (Maven) on May 24, 2022.
Jenkins Inedo ProGet Plugin Plugin has Cleartext Transmission of Sensitive Information
Severity: Low. CVE-2019-10412 was published for com.inedo.proget:inedo-proget (Maven) on May 24, 2022.
Jenkins Data Theorem Mobile Security: CI/CD Plugin has Insufficiently Protected Credentials
Severity: Moderate. CVE-2019-10413 was published for com.datatheorem.mobileappsecurity.jenkins.plugin:datatheorem-mobile-app-security (Maven) on May 24, 2022.
Jenkins Project Inheritance Plugin vulnerable to Cross-Site Request Forgery
Severity: Moderate. CVE-2019-10408 was published for hudson.plugins:project-inheritance (Maven) on May 24, 2022.
Jenkins Log Parser Plugin vulnerable to Cross-site Scripting
Severity: Moderate. CVE-2019-10410 was published for org.jenkins-ci.plugins:log-parser (Maven) on May 24, 2022.
ProTip! Advisories are also available from the GraphQL API.