Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

46 advisories

Loading
Arbitrary Code Generation High
CVE-2020-15142 was published for openapi-python-client (pip) Aug 20, 2020
emann dtkav
dbanty westonsteimel
XXE vulnerability in Jenkins Flaky Test Handler Plugin High
CVE-2022-28140 was published for org.jenkins-ci.plugins:flaky-test-handler (Maven) Mar 30, 2022
westonsteimel
CSRF vulnerability in Jenkins Publish Over FTP Plugin High
CVE-2022-29050 was published for org.jenkins-ci.plugins:publish-over-ftp (Maven) Apr 13, 2022
westonsteimel
AWS CodeDeploy Plugin stored AWS Secret Key in plain text High
CVE-2018-1000403 was published for com.amazonaws:codedeploy (Maven) May 13, 2022
westonsteimel
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG High
CVE-2019-11842 was published for matrix-sydent (pip) May 24, 2022
westonsteimel
Exposure of sensitive information to an unauthorized actor in HyperKitty High
CVE-2021-33038 was published for HyperKitty (pip) Jun 1, 2021
westonsteimel
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin High
CVE-2022-23118 was published for ru.yandex.jenkins.plugins.debuilder:debian-package-builder (Maven) Jan 13, 2022
westonsteimel
Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL High
CVE-2022-29049 was published for org.jenkins-ci.plugins:promoted-builds (Maven) Apr 13, 2022
NotMyFault westonsteimel
Remote Code Execution in Apache Flume High
CVE-2022-25167 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) Jun 15, 2022
westonsteimel
Jetty vulnerable to exposure of sensitive information due to observable discrepancy High
CVE-2017-9735 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
westonsteimel
SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way High
CVE-2021-37137 was published for io.netty:netty (Maven) Sep 9, 2021
orvdoo westonsteimel
Information Exposure in Netty High
CVE-2015-2156 was published for io.netty:netty (Maven) Jun 30, 2020
westonsteimel
Bzip2Decoder doesn't allow setting size restrictions for decompressed data High
CVE-2021-37136 was published for io.netty:netty (Maven) Sep 9, 2021
orvdoo westonsteimel
golang.org/x/crypto/ssh Denial of service via crafted Signer High
CVE-2022-27191 was published for golang.org/x/crypto (Go) Mar 19, 2022
westonsteimel
Improper Verification of Cryptographic Signature in matrix-synapse High
CVE-2019-18835 was published for matrix-synapse (pip) May 24, 2022
westonsteimel
Unsafe Deserialization in jackson-databind High
CVE-2020-24750 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
westonsteimel
Path Traversal in Jenkins Warnings Next Generation Plugin High
CVE-2022-23107 was published for io.jenkins.plugins:warnings-ng (Maven) Jan 21, 2022
westonsteimel
CSRF vulnerability in Jenkins autonomiq plugin High
CVE-2022-25194 was published for io.jenkins.plugins:autonomiq (Maven) Feb 16, 2022
westonsteimel NotMyFault
Improper handling of untrusted branches in Gitea Jenkins Plugin High
CVE-2019-10330 was published for org.jenkins-ci.plugins:gitea (Maven) May 24, 2022
westonsteimel
Sandbox Bypass in Script Security Plugin High
CVE-2019-1003005 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
westonsteimel
XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin High
CVE-2019-10327 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) May 24, 2022
westonsteimel
Plaintext password storage in Jenkins InfluxDB Plugin High
CVE-2019-10329 was published for org.jenkins-ci.plugins:influxdb (Maven) May 24, 2022
westonsteimel
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin High
CVE-2022-25174 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
westonsteimel
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin High
CVE-2022-25173 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Feb 16, 2022
westonsteimel
Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin High
CVE-2022-20619 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jan 13, 2022
NotMyFault westonsteimel
ProTip! Advisories are also available from the GraphQL API