Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

274 advisories

Loading
Sandbox bypass vulnerability in Script Security Plugin High
CVE-2020-2134 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault
Remote code execution vulnerability in Jenkins Templating Engine Plugin High
CVE-2021-21646 was published for org.jenkins-ci.plugins:templating-engine (Maven) May 24, 2022
NotMyFault
Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin High
CVE-2021-21696 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure High
CVE-2022-25181 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure High
CVE-2022-25182 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure High
CVE-2022-25183 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin Critical
CVE-2019-10328 was published for org.jenkins-ci.plugins:workflow-remote-loader (Maven) May 24, 2022
westonsteimel
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin allows reading arbitrary files Moderate
CVE-2022-25197 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Feb 16, 2022
NotMyFault
Unauthorized view fragment access in Jenkins High
CVE-2022-34175 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault
Corveda PHPSandbox Protection Mechanism Failure vulnerability Moderate
CVE-2014-125107 was published for corveda/phpsandbox (Composer) Dec 19, 2023
Agent-to-controller security bypass vulnerability in Jenkins Compuware Topaz Utilities Plugin Moderate
CVE-2022-43422 was published for com.compuware.jenkins:compuware-topaz-utilities (Maven) Oct 19, 2022
NotMyFault
Sandbox escape in Jenkins Email Extension Plugin Critical
CVE-2023-25765 was published for org.jenkins-ci.plugins:email-ext (Maven) Feb 15, 2023
Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin Moderate
CVE-2022-43424 was published for com.compuware.jenkins:compuware-xpediter-code-coverage (Maven) Oct 19, 2022
NotMyFault
Jenkins Katalon Plugin vulnerable to Protection Mechanism Failure High
CVE-2022-43416 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
Jenkins Compuware zAdviser API Plugin vulnerable to protection mechanism failure Moderate
CVE-2022-36900 was published for com.compuware.jenkins:compuware-zadviser-api (Maven) Jul 28, 2022
Content-Security-Policy protection for user content disabled by Jenkins NeuVector Vulnerability Scanner Plugin High
CVE-2022-43434 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Oct 19, 2022
NotMyFault
Denial of Service in http-proxy High
GHSA-6x33-pw7p-hmpq was published for http-proxy (npm) Sep 4, 2020
chalbersma
A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as... Low Unreviewed
CVE-2023-4466 was published Dec 29, 2023
Intermittent HTTP policy bypass High
CVE-2024-28248 was published for github.com/cilium/cilium (Go) Mar 18, 2024
sayboras
RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to... Moderate Unreviewed
CVE-2024-30370 was published Apr 2, 2024
The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world... Moderate Unreviewed
CVE-2011-3151 was published Apr 22, 2022
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol parser... Moderate Unreviewed
CVE-2019-1833 was published May 24, 2022
A vulnerability in the detection engine of Cisco Firepower Threat Defense (FTD) Software could... High Unreviewed
CVE-2019-1832 was published May 24, 2022
The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder,... Moderate Unreviewed
CVE-2019-12938 was published May 24, 2022
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol... High Unreviewed
CVE-2019-1970 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database