GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
260 advisories
ActiveMQ's OpenWire protocol exposes certain system details as plain text
Low
CVE-2017-15709
was published
for
org.apache.activemq:activemq-openwire-generator
(Maven)
May 13, 2022
Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password
Low
CVE-2015-3189
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Jenkins allows attackers to obtain the master cryptographic key
Low
CVE-2013-0158
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 5, 2022
Cross-site scripting in Apache ActiveMQ
Low
CVE-2010-0684
was published
for
org.apache.activemq:activemq-parent
(Maven)
May 2, 2022
Apache Tomcat vulnerable to Cross-site Scripting
Low
CVE-2007-2450
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Keycloak is vulnerable to IDN homograph attack
Low
GHSA-mwm4-5qwr-g9pf
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 28, 2022
OIDC Logout redirect in keycloak
Low
CVE-2020-10734
was published
for
org.keycloak:keycloak-oidc-client-adapter-pom
(Maven)
Apr 28, 2022
Sensitive parameter values captured in build metadata files by Jenkins Parameterized Trigger Plugin
Low
CVE-2022-27195
was published
for
org.jenkins-ci.plugins:parameterized-trigger
(Maven)
Mar 16, 2022
Client Secret stored in plain text by Jenkins GitLab Authentication Plugin
Low
CVE-2022-27206
was published
for
org.jenkins-ci.plugins:gitlab-oauth
(Maven)
Mar 16, 2022
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin
Low
CVE-2022-25186
was published
for
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
(Maven)
Feb 16, 2022
Improper Synchronization in Jenkins Convertigo Mobile Platform Plugin
Low
CVE-2022-25210
was published
for
com.convertigo.jenkins.plugins:convertigo-mobile-platform
(Maven)
Feb 16, 2022
Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin
Low
CVE-2022-23106
was published
for
io.jenkins:configuration-as-code
(Maven)
Jan 21, 2022
Password stored in plain text by Jenkins Publish Over SSH Plugin
Low
CVE-2022-23114
was published
for
org.jenkins-ci.plugins:publish-over-ssh
(Maven)
Jan 13, 2022
ProTip!
Advisories are also available from the
GraphQL API