Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,809
Erlang
36
GitHub Actions
31
Go
2,395
Maven
5,000+
npm
4,030
NuGet
720
pip
3,819
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+

23,249 advisories

Loading
Jenkins Testsigma Test Plan vulnerability exposes API keys via job configuration form Low
CVE-2025-53661 was published for io.jenkins.plugins:testsigma (Maven) Jul 9, 2025
Jenkins QMetry Test Management Plugin stores unencrypted API keys Moderate
CVE-2025-53659 was published for org.jenkins-ci.plugins:qmetry-test-management (Maven) Jul 9, 2025
Jenkins ReadyAPI Functional Testing Plugin vulnerability exposes secrets Moderate
CVE-2025-53657 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) Jul 9, 2025
Jenkins Applitools Eyes Plugin vulnerable to XSS through its Build page High
CVE-2025-53658 was published for org.jenkins-ci.plugins:applitools-eyes (Maven) Jul 9, 2025
Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens Moderate
CVE-2025-53665 was published for com.apica:ApicaLoadtest (Maven) Jul 9, 2025
Jenkins Sensedia API Platform Plugin vulnerability exposes unencrypted tokens Moderate
CVE-2025-53674 was published for org.jenkins-ci.plugins:sensedia-api-platform (Maven) Jul 9, 2025
Jenkins IFTTT Build Notifier Plugin vulnerability exposes IFTTT Maker Channel Keys Moderate
CVE-2025-53662 was published for org.jenkins-ci.plugins:ifttt-build-notifier (Maven) Jul 9, 2025
Jenkins Aqua Security Scanner Plugin vulnerability exposes scanner tokens Moderate
CVE-2025-53653 was published for org.jenkins-ci.plugins:aqua-security-scanner (Maven) Jul 9, 2025
Jenkins HTML Publisher Plugin vulnerability displays controller file system information in its logs Moderate
CVE-2025-53651 was published for org.jenkins-ci.plugins:htmlpublisher (Maven) Jul 9, 2025
Jenkins Statistics Gatherer Plugin vulnerability exposes AWS Secret Key Moderate
CVE-2025-53654 was published for org.jenkins.plugins.statistics.gatherer:statistics-gatherer (Maven) Jul 9, 2025
Jenkins Git Parameter Plugin vulnerable to code injection due to inexhaustive parameter check Moderate
CVE-2025-53652 was published for org.jenkins-ci.tools:git-parameter (Maven) Jul 9, 2025
Jenkins Credentials Binding Plugin vulnerability can expose sensitive information in logger messages Moderate
CVE-2025-53650 was published for org.jenkins-ci.plugins:credentials-binding (Maven) Jul 9, 2025
Qwik's unhandled exception vulnerabilty can cause server crashes from malicious requests Critical
CVE-2025-53620 was published for @builder.io/qwik-city (npm) Jul 9, 2025
finalgamer
@clerk/backend Performs Insufficient Verification of Data Authenticity High
CVE-2025-53548 was published for @clerk/astro (npm) Jul 9, 2025
GautierT
Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points Low
GHSA-phhq-63jg-fp7r was published for github.com/edgelesssys/contrast (Go) Jul 9, 2025
burgerdev katexochen
thomasten
Juju allows arbitrary executable uploads via authenticated endpoint without authorization High
CVE-2025-0928 was published for github.com/juju/juju (Go) Jul 9, 2025
tlm wallyworld
hpidcock Fedqys
Juju vulnerable to sensitive log retrieval via authenticated endpoint without authorization Moderate
CVE-2025-53512 was published for github.com/juju/juju (Go) Jul 9, 2025
wallyworld hpidcock
mcp-remote exposed to OS command injection via untrusted MCP server connections Critical
CVE-2025-6514 was published for mcp-remote (npm) Jul 9, 2025
Juju zip slip vulnerability via authenticated endpoint High
CVE-2025-53513 was published for github.com/juju/juju (Go) Jul 9, 2025
wallyworld hpidcock
Cosmos SDK's Integer Overflow vulnerability in its Validator Rewards pool can cause a chain halt High
GHSA-p22h-3m2v-cmgh was published for github.com/cosmos/cosmos-sdk (Go) Jul 8, 2025
Helm vulnerable to Code Injection through malicious chart.yaml content High
CVE-2025-53547 was published for helm.sh/helm/v3 (Go) Jul 8, 2025
jake-ciolek
pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages High
CVE-2025-7346 was published for pyload-ng (pip) Jul 8, 2025
PinkDraconian
MCP Server Kubernetes vulnerable to command injection in several tools High
CVE-2025-53355 was published for mcp-server-kubernetes (npm) Jul 8, 2025
dellalibera
Babylon vulnerable to chain halt when a message modifies the validator set at the epoch boundary High
GHSA-rj53-j6jw-7f7g was published for github.com/babylonlabs-io/babylon/v2 (Go) Jul 8, 2025
Cloudflare Vite plugin exposes secrets over the built-in dev server Moderate
GHSA-4pfg-2mw5-f8jx was published for @cloudflare/vite-plugin (npm) Jul 8, 2025
Cherry
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database