GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,297
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
33,223 advisories
Filter by severity
Jenkins Statistics Gatherer Plugin does not mask AWS Secret Key
Moderate
CVE-2025-53655
was published
for
org.jenkins.plugins.statistics.gatherer:statistics-gatherer
(Maven)
Jul 9, 2025
Jenkins ReadyAPI Functional Testing Plugin vulnerability exposes secrets
Moderate
CVE-2025-53657
was published
for
org.jenkins-ci.plugins:soapui-pro-functional-testing
(Maven)
Jul 9, 2025
Jenkins Testsigma Test Plan vulnerability exposes API keys via job configuration form
Low
CVE-2025-53661
was published
for
io.jenkins.plugins:testsigma
(Maven)
Jul 9, 2025
Jenkins Nouvola DiveCloud Plugin vulnerability does not mask keys on its job configuration form
Moderate
CVE-2025-53671
was published
for
org.jenkins-ci.plugins:nouvola-divecloud
(Maven)
Jul 9, 2025
Jenkins VAddy Plugin vulnerability exposes unencrypted keys to certain authenticated users
Moderate
CVE-2025-53668
was published
for
org.jenkins-ci.plugins:vaddy-plugin
(Maven)
Jul 9, 2025
Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens
Moderate
CVE-2025-53664
was published
for
com.apica:ApicaLoadtest
(Maven)
Jul 9, 2025
Jenkins IFTTT Build Notifier Plugin vulnerability exposes IFTTT Maker Channel Keys
Moderate
CVE-2025-53662
was published
for
org.jenkins-ci.plugins:ifttt-build-notifier
(Maven)
Jul 9, 2025
Jenkins Sensedia API Platform Plugin vulnerability exposes unencrypted tokens
Moderate
CVE-2025-53674
was published
for
org.jenkins-ci.plugins:sensedia-api-platform
(Maven)
Jul 9, 2025
Jenkins Nouvola DiveCloud Plugin vulnerability stores unencrypted credentials
Moderate
CVE-2025-53670
was published
for
org.jenkins-ci.plugins:nouvola-divecloud
(Maven)
Jul 9, 2025
Jenkins Applitools Eyes Plugin vulnerable to XSS through its Build page
High
CVE-2025-53658
was published
for
org.jenkins-ci.plugins:applitools-eyes
(Maven)
Jul 9, 2025
Jenkins HTML Publisher Plugin vulnerability displays controller file system information in its logs
Moderate
CVE-2025-53651
was published
for
org.jenkins-ci.plugins:htmlpublisher
(Maven)
Jul 9, 2025
Jenkins Aqua Security Scanner Plugin vulnerability exposes scanner tokens
Moderate
CVE-2025-53653
was published
for
org.jenkins-ci.plugins:aqua-security-scanner
(Maven)
Jul 9, 2025
Jenkins Git Parameter Plugin vulnerable to code injection due to inexhaustive parameter check
Moderate
CVE-2025-53652
was published
for
org.jenkins-ci.tools:git-parameter
(Maven)
Jul 9, 2025
Jenkins Statistics Gatherer Plugin vulnerability exposes AWS Secret Key
Moderate
CVE-2025-53654
was published
for
org.jenkins.plugins.statistics.gatherer:statistics-gatherer
(Maven)
Jul 9, 2025
Jenkins Credentials Binding Plugin vulnerability can expose sensitive information in logger messages
Moderate
CVE-2025-53650
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
Jul 9, 2025
Qwik's unhandled exception vulnerabilty can cause server crashes from malicious requests
Critical
CVE-2025-53620
was published
for
@builder.io/qwik-city
(npm)
Jul 9, 2025
@clerk/backend Performs Insufficient Verification of Data Authenticity
High
CVE-2025-53548
was published
for
@clerk/astro
(npm)
Jul 9, 2025
Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points
Low
GHSA-phhq-63jg-fp7r
was published
for
github.com/edgelesssys/contrast
(Go)
Jul 9, 2025
Juju allows arbitrary executable uploads via authenticated endpoint without authorization
High
CVE-2025-0928
was published
for
github.com/juju/juju
(Go)
Jul 9, 2025
Juju vulnerable to sensitive log retrieval via authenticated endpoint without authorization
Moderate
CVE-2025-53512
was published
for
github.com/juju/juju
(Go)
Jul 9, 2025
mcp-remote exposed to OS command injection via untrusted MCP server connections
Critical
CVE-2025-6514
was published
for
mcp-remote
(npm)
Jul 9, 2025
Juju zip slip vulnerability via authenticated endpoint
High
CVE-2025-53513
was published
for
github.com/juju/juju
(Go)
Jul 9, 2025
Cosmos SDK's Integer Overflow vulnerability in its Validator Rewards pool can cause a chain halt
High
GHSA-p22h-3m2v-cmgh
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Jul 8, 2025
Helm vulnerable to Code Injection through malicious chart.yaml content
High
CVE-2025-53547
was published
for
helm.sh/helm/v3
(Go)
Jul 8, 2025
pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages
High
CVE-2025-7346
was published
for
pyload-ng
(pip)
Jul 8, 2025
ProTip!
Advisories are also available from the
GraphQL API