Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

20 advisories

Loading
Protection mechanism failure in some Intel DCM software before version 5.2 may allow an... Critical Unreviewed
CVE-2023-31273 was published Nov 14, 2023
Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An... Critical Unreviewed
CVE-2023-32493 was published Aug 16, 2023
Sandbox escape in Jenkins Email Extension Plugin Critical
CVE-2023-25765 was published for org.jenkins-ci.plugins:email-ext (Maven) Feb 15, 2023
User login brute force protection functionality bypass Critical Unreviewed
CVE-2022-27516 was published Nov 9, 2022
Jenkins Script Security Plugin sandbox bypass vulnerability Critical
CVE-2022-43403 was published for org.jenkins-ci.plugins:script-security (Maven) Oct 19, 2022
Jenkins Pipeline: Groovy Plugin allows sandbox protection bypass and arbitrary code execution Critical
CVE-2022-43402 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Oct 19, 2022
isolated-vm has vulnerable CachedDataOptions in API Critical
CVE-2022-39266 was published for isolated-vm (npm) Sep 30, 2022
hedgehog80
An unauthenticated attacker can update the hostname with a specially crafted name that will allow... Critical Unreviewed
CVE-2022-31479 was published Jun 7, 2022
Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin Critical
CVE-2019-10328 was published for org.jenkins-ci.plugins:workflow-remote-loader (Maven) May 24, 2022
westonsteimel
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21690 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access... Critical Unreviewed
CVE-2021-32835 was published May 24, 2022
Sandbox bypass vulnerability in Jenkins Script Security Plugin Critical
CVE-2020-2279 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault westonsteimel
Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD... Critical Unreviewed
CVE-2017-8864 was published May 17, 2022
The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW... Critical Unreviewed
CVE-2018-9318 was published May 14, 2022
The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW... Critical Unreviewed
CVE-2018-9311 was published May 14, 2022
Script security sandbox bypass in Matrix Project Plugin Critical
CVE-2019-1003031 was published for org.jenkins-ci.plugins:matrix-project (Maven) May 13, 2022
westonsteimel
Script security sandbox bypass in Jenkins Job DSL Plugin Critical
CVE-2019-1003034 was published for org.jenkins-ci.plugins:job-dsl (Maven) May 13, 2022
westonsteimel
Script security sandbox bypass in Jenkins Email Extension Plugin Critical
CVE-2019-1003032 was published for org.jenkins-ci.plugins:email-ext (Maven) May 13, 2022
westonsteimel
Sandbox bypass in Jenkins Pipeline: Groovy Plugin Critical
CVE-2019-1003030 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 13, 2022
westonsteimel
Sandbox bypass in Script Security Plugin Critical
CVE-2019-1003029 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
westonsteimel
ProTip! Advisories are also available from the GraphQL API