Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,383
Erlang
33
GitHub Actions
22
Go
2,141
Maven
5,000+
npm
3,803
NuGet
687
pip
3,479
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

21,395 advisories

Loading
SaltStack Salt Allows creating certificates with weak file permissions Moderate
CVE-2020-17490 was published for salt (pip) May 24, 2022
Stored XSS vulnerability in Jenkins FindBugs Plugin Moderate
CVE-2020-2317 was published for org.jvnet.hudson.plugins:findbugs (Maven) May 24, 2022
NotMyFault
Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin Low
CVE-2020-2319 was published for org.jenkins-ci.plugins:labmanager (Maven) May 24, 2022
NotMyFault
Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin Moderate
CVE-2020-2318 was published for org.jenkins-ci.plugins:mailcommander (Maven) May 24, 2022
NotMyFault
Password written to the build log by Jenkins SQLPlus Script Runner Plugin Moderate
CVE-2020-2312 was published for org.jenkins-ci.plugins:sqlplus-script-runner (Maven) May 24, 2022
NotMyFault
Missing authorization in Jenkins Kubernetes Plugin Moderate
CVE-2020-2309 was published for org.csanchez.jenkins.plugins:kubernetes (Maven) May 24, 2022
westonsteimel
Missing permission check in Jenkins AWS Global Configuration Plugin allows replacing plugin configuration Moderate
CVE-2020-2311 was published for io.jenkins.plugins:aws-global-configuration (Maven) May 24, 2022
NotMyFault
Missing permission checks in Jenkins Ansible Plugin allow enumerating credentials IDs Moderate
CVE-2020-2310 was published for org.jenkins-ci.plugins:ansible (Maven) May 24, 2022
NotMyFault
Missing permission checks in Jenkins Azure Key Vault Plugin allow enumerating credentials IDs Moderate
CVE-2020-2313 was published for org.jenkins-ci.plugins:azure-keyvault (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Static Analysis Utilities Plugin Moderate
CVE-2020-2316 was published for org.jvnet.hudson.plugins:analysis-core (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Visualworks Store Plugin Moderate
CVE-2020-2315 was published for org.jenkins-ci.plugins:visualworks-store (Maven) May 24, 2022
NotMyFault
Password stored in plain text by Jenkins AppSpider Plugin Low
CVE-2020-2314 was published for com.rapid7:jenkinsci-appspider-plugin (Maven) May 24, 2022
NotMyFault
Missing Authorization in Jenkins Kubernetes Plugin Moderate
CVE-2020-2308 was published for org.csanchez.jenkins.plugins:kubernetes (Maven) May 24, 2022
westonsteimel
XXE vulnerability in Jenkins Subversion Plugin Moderate
CVE-2020-2304 was published for org.jenkins-ci.plugins:subversion (Maven) May 24, 2022
NotMyFault
Improper Authentication (empty password) in Jenkins Active Directory Plugin Critical
CVE-2020-2300 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
westonsteimel NotMyFault
CSRF vulnerability in Jenkins Active Directory Plugin Moderate
CVE-2020-2303 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins Active Directory Plugin allows accessing domain health check page Moderate
CVE-2020-2302 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
NotMyFault
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin Moderate
CVE-2020-2307 was published for org.csanchez.jenkins.plugins:kubernetes (Maven) May 24, 2022
westonsteimel
Missing Authorization in Jenkins Mercurial Plugin Moderate
CVE-2020-2306 was published for org.jenkins-ci.plugins:mercurial (Maven) May 24, 2022
westonsteimel
Authentication cache in Active Directory Jenkins Plugin allows logging in with any password Critical
CVE-2020-2301 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
westonsteimel NotMyFault
Improper Authentication in Jenkins Active Directory Plugin Critical
CVE-2020-2299 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
westonsteimel
XXE vulnerability in Jenkins Mercurial Plugin Moderate
CVE-2020-2305 was published for org.jenkins-ci.plugins:mercurial (Maven) May 24, 2022
NotMyFault westonsteimel
Bookstack Cross-site Scripting vulnerability High
CVE-2020-26211 was published for ssddanbrown/bookstack (Composer) May 24, 2022
Uncontrolled Resource Consumption in WildFly Moderate
CVE-2020-25689 was published for org.wildfly:wildfly-dist (Maven) May 24, 2022
aptdaemon Information Disclosure via Improper Input Validation in Transaction class Moderate
CVE-2020-15703 was published for aptdaemon (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database