Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,331
Erlang
31
GitHub Actions
21
Go
2,093
Maven
5,000+
npm
3,756
NuGet
678
pip
3,443
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

2,470 advisories

Loading
Cross site scripting in Silverpeas Core Moderate
CVE-2024-56923 was published for org.silverpeas.core:silverpeas-core (Maven) Jan 22, 2025
Missing permission checks in Jenkins Azure Service Fabric Plugin Moderate
CVE-2025-24403 was published for org.jenkins-ci.plugins:service-fabric (Maven) Jan 22, 2025
CSRF vulnerability in Jenkins Azure Service Fabric Plugin Moderate
CVE-2025-24402 was published for org.jenkins-ci.plugins:service-fabric (Maven) Jan 22, 2025
Disabled permissions can be granted by Folder-based in Jenkins Authorization Strategy Plugin Moderate
CVE-2025-24401 was published for io.jenkins.plugins:folder-auth (Maven) Jan 22, 2025
Cache confusion in Jenkins Eiffel Broadcaster Plugin Moderate
CVE-2025-24400 was published for com.axis.jenkins.plugins.eiffel:eiffel-broadcaster (Maven) Jan 22, 2025
Incorrect permission check in Jenkins GitLab Plugin allows enumerating credentials IDs Moderate
CVE-2025-24397 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Jan 22, 2025
Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak Moderate
CVE-2025-0604 was published for org.keycloak:keycloak-ldap-federation (Maven) Jan 22, 2025
Elasticsearch allocation of resources without limits or throttling leads to crash Moderate
CVE-2024-43709 was published for org.elasticsearch:elasticsearch (Maven) Jan 21, 2025
Apache CXF: Denial of Service vulnerability with temporary files Moderate
CVE-2025-23184 was published for org.apache.cxf:cxf-core (Maven) Jan 21, 2025
Apache StreamPipes potentially allows creation of multiple identical accounts Moderate
CVE-2024-30471 was published for org.apache.streampipes:streampipes-parent (Maven) Jul 17, 2024
Apache StreamPipes has possibility of SSRF in pipeline element installation process Moderate
CVE-2024-31979 was published for org.apache.streampipes:streampipes-parent (Maven) Jul 17, 2024
Jenkins OWASP Dependency-Check Plugin has stored XSS vulnerability Moderate
CVE-2024-28153 was published for org.jenkins-ci.plugins:dependency-check-jenkins-plugin (Maven) Mar 6, 2024
Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting Moderate
CVE-2024-28156 was published for org.jenkins-ci.plugins:build-monitor-plugin (Maven) Mar 6, 2024
Jenkins MQ Notifier Plugin exposes sensitive information in build logs Moderate
CVE-2024-28154 was published for com.sonymobile.jenkins.plugins.mq:mq-notifier (Maven) Mar 6, 2024
Jenkins AppSpider Plugin missing permission checks Moderate
CVE-2024-28155 was published for com.rapid7:jenkinsci-appspider-plugin (Maven) Mar 6, 2024
Apache Pulsar: Improper Authorization For Topic-Level Policy Management Moderate
CVE-2024-28098 was published for org.apache.pulsar:pulsar-broker (Maven) Mar 12, 2024
oscerd
Missing Authorization in Jenkins Blue Ocean Plugin Moderate
CVE-2017-1000105 was published for io.jenkins.blueocean:blueocean (Maven) May 13, 2022
anonymous-nlp-student
HAL Console has a Cross Site Scripting (XSS) vulnerability of user input Moderate
CVE-2025-23366 was published for org.jboss.hal:hal-console (Maven) Jan 16, 2025
Duplicate Advisory: Wildfly HAL Console Cross-Site Scripting Moderate
GHSA-5wjw-h8x5-v65m was published for org.jboss.hal:hal-console (Maven) Jan 14, 2025 withdrawn
Withdrawn Advisory: Netty vulnerability included in redis lettuce Moderate
GHSA-q4h9-7rxj-7gx2 was published for io.lettuce:lettuce-core (Maven) Dec 2, 2024 withdrawn
gmcallister-r7 SteffenGabel
Issue with whitespace in JWT roles in OpenSearch Moderate
CVE-2023-23612 was published for org.opensearch.plugin:opensearch-security (Maven) Jan 24, 2023
binary-1024
Field-level security issue with .keyword fields in OpenSearch Moderate
CVE-2023-23613 was published for org.opensearch.plugin:opensearch-security (Maven) Jan 24, 2023
binary-1024
Server-Side Forgery Request can be activated unmarshalling with XStream Moderate
CVE-2020-26258 was published for com.thoughtworks.xstream:xstream (Maven) Dec 21, 2020
vulnerability-analyst
Insecure Temporary File in RESTEasy Moderate
CVE-2023-0482 was published for org.jboss.resteasy:resteasy-core (Maven) Jan 15, 2025
Duplicate Advisory: Insecure Temporary File in RESTEasy Moderate
GHSA-jrmh-v64j-mjm9 was published for org.jboss.resteasy:resteasy-core (Maven) Feb 18, 2023 withdrawn
dovezp
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database