GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
144 advisories
Filter by severity
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21690
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin
High
CVE-2021-21696
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to...
Moderate
Unreviewed
CVE-2021-35237
was published
May 24, 2022
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access...
Critical
Unreviewed
CVE-2021-32835
was published
May 24, 2022
Jenkins SAML Plugin allows bypassing CSRF protection for any URL
High
CVE-2021-21678
was published
for
org.jenkins-ci.plugins:saml
(Maven)
May 24, 2022
Jenkins Azure AD Plugin allows bypassing CSRF protection for any URL
High
CVE-2021-21679
was published
for
org.jenkins-ci.plugins:azure-ad
(Maven)
May 24, 2022
A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings...
Moderate
Unreviewed
CVE-2021-1517
was published
May 24, 2022
Remote code execution vulnerability in Jenkins Templating Engine Plugin
High
CVE-2021-21646
was published
for
org.jenkins-ci.plugins:templating-engine
(Maven)
May 24, 2022
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior...
High
Unreviewed
CVE-2021-27245
was published
May 24, 2022
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could...
High
Unreviewed
CVE-2021-1223
was published
May 24, 2022
Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in...
Moderate
Unreviewed
CVE-2021-1224
was published
May 24, 2022
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could...
Moderate
Unreviewed
CVE-2020-3299
was published
May 24, 2022
Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA)...
Moderate
Unreviewed
CVE-2020-3458
was published
May 24, 2022
Sandbox bypass vulnerability in Jenkins Script Security Plugin
Critical
CVE-2020-2279
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could...
Moderate
Unreviewed
CVE-2020-3315
was published
May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High
CVE-2020-2134
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High
CVE-2020-2135
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) ...
Moderate
Unreviewed
CVE-2019-13924
was published
May 24, 2022
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol...
High
Unreviewed
CVE-2019-1970
was published
May 24, 2022
The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder,...
Moderate
Unreviewed
CVE-2019-12938
was published
May 24, 2022
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol parser...
Moderate
Unreviewed
CVE-2019-1833
was published
May 24, 2022
A vulnerability in the detection engine of Cisco Firepower Threat Defense (FTD) Software could...
High
Unreviewed
CVE-2019-1832
was published
May 24, 2022
Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD...
Critical
Unreviewed
CVE-2017-8864
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API