GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
149 advisories
Filter by severity
Unsafe Deserialization in jackson-databind
High
CVE-2020-24750
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Prototype pollution in webpack loader-utils
Critical
CVE-2022-37601
was published
for
loader-utils
(npm)
Oct 13, 2022
ecdsa-elixir fails to check signatures, vulnerable to message forging
Critical
CVE-2021-43568
was published
for
ecdsa-elixir
(Erlang)
May 24, 2022
XXE vulnerability in Jenkins Job Import Plugin
Critical
CVE-2019-1003015
was published
for
org.jenkins-ci.plugins:job-import-plugin
(Maven)
May 13, 2022
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin
Critical
CVE-2019-10418
was published
for
io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps
(Maven)
May 24, 2022
Jenkins Plugin Installation Manager Tool did not verify plugin downloads
Critical
CVE-2020-2320
was published
for
io.jenkins.plugin-management:plugin-management-parent-pom
(Maven)
May 24, 2022
XML external entity vulnerability in Jenkins Nuget Plugin
Critical
CVE-2021-21658
was published
for
org.jenkins-ci.plugins:nuget
(Maven)
May 24, 2022
Path Traversal in Jenkins Warnings Next Generation Plugin
High
CVE-2022-23107
was published
for
io.jenkins.plugins:warnings-ng
(Maven)
Jan 21, 2022
Stored XSS vulnerability in Jenkins Badge Plugin
Moderate
CVE-2022-23108
was published
for
org.jenkins-ci.plugins:badge
(Maven)
Jan 13, 2022
Access key stored in plain text by Jenkins Metrics Plugin
Moderate
CVE-2022-20621
was published
for
org.jenkins-ci.plugins:metrics
(Maven)
Jan 13, 2022
CSRF vulnerability in Jenkins autonomiq plugin
High
CVE-2022-25194
was published
for
io.jenkins.plugins:autonomiq
(Maven)
Feb 16, 2022
Stored XSS vulnerability in Jenkins Git Parameter Plugin
Moderate
CVE-2022-29040
was published
for
org.jenkins-ci.tools:git-parameter
(Maven)
Apr 13, 2022
Remote code execution in handlebars when compiling templates
Critical
CVE-2021-23369
was published
for
handlebars
(Maven)
May 6, 2021
Improper handling of untrusted branches in Gitea Jenkins Plugin
High
CVE-2019-10330
was published
for
org.jenkins-ci.plugins:gitea
(Maven)
May 24, 2022
Subversion Plugin stored XSS vulnerability
Moderate
CVE-2020-2111
was published
for
org.jenkins-ci.plugins:subversion
(Maven)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21686
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Sandbox Bypass in Script Security Plugin
High
CVE-2019-1003005
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 13, 2022
Sandbox bypass in ontrack Jenkins Plugin
Critical
CVE-2019-10306
was published
for
org.jenkins-ci.plugins:ontrack
(Maven)
May 24, 2022
Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin
Moderate
CVE-2020-2252
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Jenkins Script Security Plugin
Critical
CVE-2020-2279
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Improper Authentication in Jenkins Active Directory Plugin
Critical
CVE-2020-2299
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
May 24, 2022
Authentication cache in Active Directory Jenkins Plugin allows logging in with any password
Critical
CVE-2020-2301
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Mercurial Plugin
Moderate
CVE-2020-2305
was published
for
org.jenkins-ci.plugins:mercurial
(Maven)
May 24, 2022
Missing Authorization in Jenkins Mercurial Plugin
Moderate
CVE-2020-2306
was published
for
org.jenkins-ci.plugins:mercurial
(Maven)
May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin
Moderate
CVE-2020-2307
was published
for
org.csanchez.jenkins.plugins:kubernetes
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API