Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

41 advisories

Loading
Authz zero length regression Critical
CVE-2024-41110 was published for github.com/docker/docker (Go) Jul 30, 2024
corhere westonsteimel
debasishbsws
Cache poisoning in drupal/core Critical
CVE-2023-5256 was published for drupal/core (Composer) Sep 28, 2023
westonsteimel
Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL Critical
CVE-2022-42468 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) Oct 26, 2022
westonsteimel
Prototype pollution in webpack loader-utils Critical
CVE-2022-37601 was published for loader-utils (npm) Oct 13, 2022
westonsteimel kennylindley
Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin Critical
CVE-2019-10328 was published for org.jenkins-ci.plugins:workflow-remote-loader (Maven) May 24, 2022
westonsteimel
ecdsa-elixir fails to check signatures, vulnerable to message forging Critical
CVE-2021-43568 was published for ecdsa-elixir (Erlang) May 24, 2022
westonsteimel
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21686 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault westonsteimel
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21685 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault westonsteimel
sunSUNQ
XXE vulnerability in Jenkins Generic Webhook Trigger Plugin Critical
CVE-2021-21669 was published for org.jenkins-ci.plugins:generic-webhook-trigger (Maven) May 24, 2022
westonsteimel NotMyFault
XML external entity vulnerability in Jenkins Nuget Plugin Critical
CVE-2021-21658 was published for org.jenkins-ci.plugins:nuget (Maven) May 24, 2022
westonsteimel NotMyFault
Jenkins Plugin Installation Manager Tool did not verify plugin downloads Critical
CVE-2020-2320 was published for io.jenkins.plugin-management:plugin-management-parent-pom (Maven) May 24, 2022
westonsteimel NotMyFault
tdunlap607
Improper Authentication (empty password) in Jenkins Active Directory Plugin Critical
CVE-2020-2300 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
westonsteimel NotMyFault
Authentication cache in Active Directory Jenkins Plugin allows logging in with any password Critical
CVE-2020-2301 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
westonsteimel NotMyFault
Improper Authentication in Jenkins Active Directory Plugin Critical
CVE-2020-2299 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
westonsteimel
Sandbox bypass vulnerability in Jenkins Script Security Plugin Critical
CVE-2020-2279 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault westonsteimel
Maltego incorrectly shares a MISP connection across users in a remote-transform use case Critical
CVE-2020-12889 was published for MISP-maltego (pip) May 24, 2022
westonsteimel
Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin Critical
CVE-2019-10458 was published for org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline (Maven) May 24, 2022
westonsteimel
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin Critical
CVE-2019-10418 was published for io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps (Maven) May 24, 2022
westonsteimel
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin Critical
CVE-2019-10417 was published for io.fabric8.pipeline:kubernetes-pipeline-steps (Maven) May 24, 2022
westonsteimel
Sandbox bypass in ontrack Jenkins Plugin Critical
CVE-2019-10306 was published for org.jenkins-ci.plugins:ontrack (Maven) May 24, 2022
westonsteimel
django-anymail Includes Sensitive Information in Log Files Critical
CVE-2018-1000089 was published for django-anymail (pip) May 14, 2022
westonsteimel
Expected Behavior Violation in Apache Tomcat Critical
CVE-2017-5651 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 13, 2022
sunSUNQ westonsteimel
Unsafe pyyaml load usage in PyAnyAPI Critical
CVE-2017-16616 was published for pyanyapi (pip) May 13, 2022
westonsteimel
XXE vulnerability in Jenkins Job Import Plugin Critical
CVE-2019-1003015 was published for org.jenkins-ci.plugins:job-import-plugin (Maven) May 13, 2022
westonsteimel
Exposure of Resource to Wrong Sphere in Apache Tomcat Critical
CVE-2017-5648 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 13, 2022
sunSUNQ westonsteimel
ProTip! Advisories are also available from the GraphQL API