Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

33 advisories

Loading
Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin Critical
CVE-2019-10458 was published for org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline (Maven) May 24, 2022
westonsteimel
Script security sandbox bypass in Jenkins Email Extension Plugin Critical
CVE-2019-1003032 was published for org.jenkins-ci.plugins:email-ext (Maven) May 13, 2022
westonsteimel
Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling) Critical
CVE-2017-7658 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
westonsteimel
Deserialization of Untrusted Data in jackson-databind Critical
CVE-2020-8840 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 4, 2020
westonsteimel
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin Critical
CVE-2019-10417 was published for io.fabric8.pipeline:kubernetes-pipeline-steps (Maven) May 24, 2022
westonsteimel
Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL Critical
CVE-2022-42468 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) Oct 26, 2022
westonsteimel
HTTP Request Smuggling in Netty Critical
CVE-2019-20444 was published for io.netty:netty (Maven) Feb 21, 2020
KateCatlin westonsteimel
XXE vulnerability in Jenkins Job Import Plugin Critical
CVE-2019-1003015 was published for org.jenkins-ci.plugins:job-import-plugin (Maven) May 13, 2022
westonsteimel
Sandbox bypass in Jenkins Pipeline: Groovy Plugin Critical
CVE-2019-1003030 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 13, 2022
westonsteimel
Sandbox bypass in Script Security Plugin Critical
CVE-2019-1003029 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
westonsteimel
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin Critical
CVE-2019-10418 was published for io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps (Maven) May 24, 2022
westonsteimel
Jenkins Plugin Installation Manager Tool did not verify plugin downloads Critical
CVE-2020-2320 was published for io.jenkins.plugin-management:plugin-management-parent-pom (Maven) May 24, 2022
westonsteimel NotMyFault
tdunlap607
XML external entity vulnerability in Jenkins Nuget Plugin Critical
CVE-2021-21658 was published for org.jenkins-ci.plugins:nuget (Maven) May 24, 2022
westonsteimel NotMyFault
Remote code execution in handlebars when compiling templates Critical
CVE-2021-23369 was published for handlebars (Maven) May 6, 2021
westonsteimel
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21686 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault westonsteimel
Sandbox bypass in ontrack Jenkins Plugin Critical
CVE-2019-10306 was published for org.jenkins-ci.plugins:ontrack (Maven) May 24, 2022
westonsteimel
Sandbox bypass vulnerability in Jenkins Script Security Plugin Critical
CVE-2020-2279 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault westonsteimel
Improper Authentication in Jenkins Active Directory Plugin Critical
CVE-2020-2299 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
westonsteimel
Authentication cache in Active Directory Jenkins Plugin allows logging in with any password Critical
CVE-2020-2301 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
westonsteimel NotMyFault
XXE vulnerability in Jenkins Generic Webhook Trigger Plugin Critical
CVE-2021-21669 was published for org.jenkins-ci.plugins:generic-webhook-trigger (Maven) May 24, 2022
westonsteimel NotMyFault
Sandbox bypass vulnerability in Jenkins Script Security Plugin Critical
CVE-2019-1003040 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
westonsteimel
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin Critical
CVE-2019-1003041 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 13, 2022
westonsteimel
Improper Authentication (empty password) in Jenkins Active Directory Plugin Critical
CVE-2020-2300 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
westonsteimel NotMyFault
Script security sandbox bypass in Matrix Project Plugin Critical
CVE-2019-1003031 was published for org.jenkins-ci.plugins:matrix-project (Maven) May 13, 2022
westonsteimel
Script security sandbox bypass in Jenkins Job DSL Plugin Critical
CVE-2019-1003034 was published for org.jenkins-ci.plugins:job-dsl (Maven) May 13, 2022
westonsteimel
ProTip! Advisories are also available from the GraphQL API