Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

128 advisories

Loading
Jenkins does not exclude sensitive build variables from search Moderate
CVE-2023-43494 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 20, 2023
sunSUNQ
Spring Framework vulnerable to denial of service via specially crafted SpEL expression Moderate
CVE-2023-20861 was published for org.springframework:spring-expression (Maven) Mar 23, 2023
amita-seal sunSUNQ
Improper Limitation of a Pathname to a Restricted Directory in Jenkins Moderate
CVE-2019-10352 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
sunSUNQ
Denial of Service in Apache ActiveMQ Moderate
CVE-2011-4905 was published for org.apache.activemq:activemq-core (Maven) May 17, 2022
sunSUNQ
Apache Struts2 Broken Access Control Vulnerability Moderate
CVE-2013-4310 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
sunSUNQ
Jenkins allows attackers to execute arbitrary jobs Moderate
CVE-2014-2058 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins allows attackers to configure restricted projects Moderate
CVE-2013-7330 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins does not invalidate the API token when a user is deleted Moderate
CVE-2014-2062 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkin allows attackers to obtain passwords by reading the HTML source code Moderate
CVE-2014-2061 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins allows attackers to determine whether a user exists Moderate
CVE-2014-2064 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins session fixation vulnerability Moderate
CVE-2014-2066 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins cross-site scripting (XSS) vulnerability Moderate
CVE-2014-2065 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Improper Neutralization of Input During Web Page Generation in Jenkins Moderate
CVE-2015-7536 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins Cross-site Scripting vulnerability Moderate
CVE-2015-1812 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Apache ActiveMQ default configuration subject to denial of service Moderate
CVE-2012-6551 was published for org.apache.activemq:activemq-web-demo (Maven) May 17, 2022
sunSUNQ
Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet Moderate
CVE-2013-1880 was published for org.apache.activemq:activemq-core (Maven) May 17, 2022
sunSUNQ
Improper Authentication in Apache ActiveMQ Moderate
CVE-2013-3060 was published for org.apache.activemq:activemq-client (Maven) May 17, 2022
sunSUNQ
Apache Struts XSS Vulnerability Moderate
CVE-2016-2162 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
sunSUNQ
Improper Control of Generation of Code ('Code Injection') in Spring Framework Moderate
CVE-2010-1622 was published for org.springframework:spring (Maven) May 17, 2022
sunSUNQ
Improper Input Validation in Apache ActiveMQ Moderate
CVE-2015-6524 was published for org.apache.activemq:activemq-broker (Maven) May 17, 2022
sunSUNQ
Open redirect in Apache Struts Moderate
CVE-2013-2248 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
sunSUNQ
Apache Tomcat Allows Replacing of XML Parser Moderate
CVE-2011-2481 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
sunSUNQ
Apache Struts vulnerable to possible DoS attack when using URLValidator Moderate
CVE-2016-4465 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
sunSUNQ
Denial of service in Apache Struts Moderate
CVE-2012-4387 was published for org.apache.struts.xwork:xwork-core (Maven) May 17, 2022
sunSUNQ
Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ Moderate
CVE-2013-1879 was published for org.apache.activemq:activemq-client (Maven) May 17, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API