GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,715
Erlang
34
GitHub Actions
28
Go
2,304
Maven
5,000+
npm
3,946
NuGet
711
pip
3,716
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+
270 advisories
Filter by severity
Sandbox bypass vulnerability in Script Security Plugin
High
CVE-2020-2135
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High
CVE-2020-2134
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Remote code execution vulnerability in Jenkins Templating Engine Plugin
High
CVE-2021-21646
was published
for
org.jenkins-ci.plugins:templating-engine
(Maven)
May 24, 2022
Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin
High
CVE-2021-21696
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
High
CVE-2022-25181
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
Feb 16, 2022
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
High
CVE-2022-25182
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
Feb 16, 2022
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
High
CVE-2022-25183
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
Feb 16, 2022
Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin
Critical
CVE-2019-10328
was published
for
org.jenkins-ci.plugins:workflow-remote-loader
(Maven)
May 24, 2022
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin allows reading arbitrary files
Moderate
CVE-2022-25197
was published
for
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
(Maven)
Feb 16, 2022
Unauthorized view fragment access in Jenkins
High
CVE-2022-34175
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
Corveda PHPSandbox Protection Mechanism Failure vulnerability
Moderate
CVE-2014-125107
was published
for
corveda/phpsandbox
(Composer)
Dec 19, 2023
Agent-to-controller security bypass vulnerability in Jenkins Compuware Topaz Utilities Plugin
Moderate
CVE-2022-43422
was published
for
com.compuware.jenkins:compuware-topaz-utilities
(Maven)
Oct 19, 2022
Sandbox escape in Jenkins Email Extension Plugin
Critical
CVE-2023-25765
was published
for
org.jenkins-ci.plugins:email-ext
(Maven)
Feb 15, 2023
Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin
Moderate
CVE-2022-43424
was published
for
com.compuware.jenkins:compuware-xpediter-code-coverage
(Maven)
Oct 19, 2022
Jenkins Katalon Plugin vulnerable to Protection Mechanism Failure
High
CVE-2022-43416
was published
for
org.jenkins-ci.plugins:katalon
(Maven)
Oct 19, 2022
Jenkins Compuware zAdviser API Plugin vulnerable to protection mechanism failure
Moderate
CVE-2022-36900
was published
for
com.compuware.jenkins:compuware-zadviser-api
(Maven)
Jul 28, 2022
Content-Security-Policy protection for user content disabled by Jenkins NeuVector Vulnerability Scanner Plugin
High
CVE-2022-43434
was published
for
io.jenkins.plugins:neuvector-vulnerability-scanner
(Maven)
Oct 19, 2022
Denial of Service in http-proxy
High
GHSA-6x33-pw7p-hmpq
was published
for
http-proxy
(npm)
Sep 4, 2020
A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as...
Low
Unreviewed
CVE-2023-4466
was published
Dec 29, 2023
Intermittent HTTP policy bypass
High
CVE-2024-28248
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to...
Moderate
Unreviewed
CVE-2024-30370
was published
Apr 2, 2024
The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world...
Moderate
Unreviewed
CVE-2011-3151
was published
Apr 22, 2022
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol parser...
Moderate
Unreviewed
CVE-2019-1833
was published
May 24, 2022
A vulnerability in the detection engine of Cisco Firepower Threat Defense (FTD) Software could...
High
Unreviewed
CVE-2019-1832
was published
May 24, 2022
The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder,...
Moderate
Unreviewed
CVE-2019-12938
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API