GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
41 advisories
Filter by severity
Authz zero length regression
Critical
CVE-2024-41110
was published
for
github.com/docker/docker
(Go)
Jul 30, 2024
Cache poisoning in drupal/core
Critical
CVE-2023-5256
was published
for
drupal/core
(Composer)
Sep 28, 2023
Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL
Critical
CVE-2022-42468
was published
for
org.apache.flume.flume-ng-sources:flume-jms-source
(Maven)
Oct 26, 2022
Prototype pollution in webpack loader-utils
Critical
CVE-2022-37601
was published
for
loader-utils
(npm)
Oct 13, 2022
Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin
Critical
CVE-2019-10328
was published
for
org.jenkins-ci.plugins:workflow-remote-loader
(Maven)
May 24, 2022
ecdsa-elixir fails to check signatures, vulnerable to message forging
Critical
CVE-2021-43568
was published
for
ecdsa-elixir
(Erlang)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21686
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21685
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Generic Webhook Trigger Plugin
Critical
CVE-2021-21669
was published
for
org.jenkins-ci.plugins:generic-webhook-trigger
(Maven)
May 24, 2022
XML external entity vulnerability in Jenkins Nuget Plugin
Critical
CVE-2021-21658
was published
for
org.jenkins-ci.plugins:nuget
(Maven)
May 24, 2022
Jenkins Plugin Installation Manager Tool did not verify plugin downloads
Critical
CVE-2020-2320
was published
for
io.jenkins.plugin-management:plugin-management-parent-pom
(Maven)
May 24, 2022
Improper Authentication (empty password) in Jenkins Active Directory Plugin
Critical
CVE-2020-2300
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
May 24, 2022
Authentication cache in Active Directory Jenkins Plugin allows logging in with any password
Critical
CVE-2020-2301
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
May 24, 2022
Improper Authentication in Jenkins Active Directory Plugin
Critical
CVE-2020-2299
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Jenkins Script Security Plugin
Critical
CVE-2020-2279
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Maltego incorrectly shares a MISP connection across users in a remote-transform use case
Critical
CVE-2020-12889
was published
for
MISP-maltego
(pip)
May 24, 2022
Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin
Critical
CVE-2019-10458
was published
for
org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline
(Maven)
May 24, 2022
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin
Critical
CVE-2019-10418
was published
for
io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps
(Maven)
May 24, 2022
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin
Critical
CVE-2019-10417
was published
for
io.fabric8.pipeline:kubernetes-pipeline-steps
(Maven)
May 24, 2022
Sandbox bypass in ontrack Jenkins Plugin
Critical
CVE-2019-10306
was published
for
org.jenkins-ci.plugins:ontrack
(Maven)
May 24, 2022
django-anymail Includes Sensitive Information in Log Files
Critical
CVE-2018-1000089
was published
for
django-anymail
(pip)
May 14, 2022
Expected Behavior Violation in Apache Tomcat
Critical
CVE-2017-5651
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 13, 2022
Unsafe pyyaml load usage in PyAnyAPI
Critical
CVE-2017-16616
was published
for
pyanyapi
(pip)
May 13, 2022
XXE vulnerability in Jenkins Job Import Plugin
Critical
CVE-2019-1003015
was published
for
org.jenkins-ci.plugins:job-import-plugin
(Maven)
May 13, 2022
Exposure of Resource to Wrong Sphere in Apache Tomcat
Critical
CVE-2017-5648
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API