Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,510
Erlang
33
GitHub Actions
25
Go
2,213
Maven
5,000+
npm
3,871
NuGet
696
pip
3,643
Pub
12
RubyGems
913
Rust
922
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,576 advisories

Loading
Jenkins Missing Permission Check Moderate
CVE-2025-31720 was published for org.jenkins-ci.main:jenkins-core (Maven) Apr 2, 2025
Jenkins Simple Queue Plugin Cross-Site Request Forgery (CSRF) Moderate
CVE-2025-31723 was published for io.jenkins.plugins:simple-queue (Maven) Apr 2, 2025
Jenkins Missing Permission Check Moderate
CVE-2025-31721 was published for org.jenkins-ci.main:jenkins-core (Maven) Apr 2, 2025
Jenkins Cadence vManager Plugin Stores Verisium Manager vAPI keys Unencrypted Moderate
CVE-2025-31724 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) Apr 2, 2025
Jenkins AsakusaSatellite Plugin Stores API Keys Unencrypted in Job `config.xml` Files Moderate
CVE-2025-31727 was published for org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin (Maven) Apr 2, 2025
Jenkins AsakusaSatellite Plugin Does not Mask API Keys via Job Configuration Form Moderate
CVE-2025-31728 was published for org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin (Maven) Apr 2, 2025
Jenkins Stack Hammer Plugin Stores API Keys Unencrypted in Job `config.xml` Files Moderate
CVE-2025-31726 was published for org.jenkins-ci.plugins:stackhammer (Maven) Apr 2, 2025
Jenkins monitor-remote-job Plugin Stores Passwords Unencrypted Moderate
CVE-2025-31725 was published for org.ukiuni.monitor-remote-job-plugin:monitor-remote-job (Maven) Apr 2, 2025
Apache Camel Missing Header Out Filter Leads to Potential Bypass/Injection Vulnerability Moderate
CVE-2025-30177 was published for org.apache.camel:camel-undertow (Maven) Apr 1, 2025
Netty QUIC hash collision DoS attack Moderate
CVE-2025-29908 was published for io.netty.incubator:netty-incubator-codec-quic (Maven) Mar 31, 2025
Solon Vulnerable to Path Traversal Moderate
CVE-2025-2961 was published for org.noear:solon-view (Maven) Mar 31, 2025
Infinispan Potential Out of Memory Error via REST Compare API Buffer API Moderate
CVE-2024-6875 was published for org.infinispan:infinispan-query (Maven) Mar 28, 2025
WildFly Elytron OpenID Connect Client ExtensionOIDC authorization code injection attack Moderate
CVE-2024-12369 was published for org.wildfly.security:wildfly-elytron (Maven) Mar 25, 2025
Keycloak Denial of Service (DoS) Vulnerability via JWT Token Cache Moderate
CVE-2025-2559 was published for org.keycloak:keycloak-services (Maven) Mar 25, 2025
Spring Security Vulnerable to Authorization Bypass via Security Annotations Moderate
CVE-2025-22223 was published for org.springframework.security:spring-security-core (Maven) Mar 24, 2025
Apache Commons VFS Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2025-30474 was published for org.apache.commons:commons-vfs2 (Maven) Mar 23, 2025
aizuda snail-job Vulnerable to Deserialization via `nodeExpression` Argument Moderate
CVE-2025-2622 was published for com.aizuda:snail-job (Maven) Mar 22, 2025
Apache Oozie Cross-Site Scripting (XSS) Moderate
CVE-2025-26796 was published for org.apache.oozie:oozie-core (Maven) Mar 22, 2025
Liferay Portal and Liferay DXP Reveals Data via Forms Moderate
CVE-2025-2565 was published for com.liferay.portal:release.dxp.bom (Maven) Mar 20, 2025
Apache Druid vulnerable to Server-Side Request Forgery, Cross-site Scripting, Open Redirect Moderate
CVE-2025-27888 was published for org.apache.druid:druid (Maven) Mar 20, 2025
H2O Vulnerable to Execution of Arbitrary Files Moderate
CVE-2024-6863 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2025-2536 was published for com.liferay.portal:release.dxp.bom (Maven) Mar 19, 2025
Wire has Uncontrolled Recursion on Nested Groups Moderate
CVE-2024-58103 was published for com.squareup.wire:wire-runtime (Maven) Mar 16, 2025
Ed25519 Signature Malleability in ed25519-java Due to Missing Scalar Range Check Moderate
CVE-2020-36843 was published for net.i2p.crypto:eddsa (Maven) Mar 13, 2025
Malayke
Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin Moderate
CVE-2025-27867 was published for org.apache.felix:org.apache.felix.http.webconsoleplugin (Maven) Mar 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database