Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Loading
A user without PR can reset user authentication failures information Low
CVE-2021-32729 was published for org.xwiki.platform:xwiki-platform-security-authentication-script (Maven) Jul 2, 2021
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin High
CVE-2022-23118 was published for ru.yandex.jenkins.plugins.debuilder:debian-package-builder (Maven) Jan 13, 2022
westonsteimel
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin allows reading arbitrary files Moderate
CVE-2022-25197 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Feb 16, 2022
NotMyFault
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin Low
CVE-2022-25186 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Feb 16, 2022
NotMyFault
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure High
CVE-2022-25182 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure High
CVE-2022-25183 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure High
CVE-2022-25181 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
Sandbox bypass in Script Security Plugin Critical
CVE-2019-1003029 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
westonsteimel
Sandbox Bypass in Script Security Plugin High
CVE-2019-1003005 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
westonsteimel
Sandbox bypass in Jenkins Pipeline: Groovy Plugin Critical
CVE-2019-1003030 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 13, 2022
westonsteimel
Jenkins Groovy Plugin sandbox bypass vulnerability High
CVE-2019-1003033 was published for org.jenkins-ci.plugins:groovy (Maven) May 13, 2022
Script security sandbox bypass in Jenkins Email Extension Plugin Critical
CVE-2019-1003032 was published for org.jenkins-ci.plugins:email-ext (Maven) May 13, 2022
westonsteimel
Script security sandbox bypass in Matrix Project Plugin Critical
CVE-2019-1003031 was published for org.jenkins-ci.plugins:matrix-project (Maven) May 13, 2022
westonsteimel
Script security sandbox bypass in Jenkins Job DSL Plugin Critical
CVE-2019-1003034 was published for org.jenkins-ci.plugins:job-dsl (Maven) May 13, 2022
westonsteimel
Protection Mechanism Failure in Jenkins Script Security Plugin High
CVE-2019-1003000 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
Sandbox bypass vulnerability in Script Security Plugin High
CVE-2020-2135 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault
Sandbox bypass vulnerability in Script Security Plugin High
CVE-2020-2134 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault
Sandbox bypass vulnerability in Jenkins Script Security Plugin Critical
CVE-2020-2279 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault westonsteimel
Remote code execution vulnerability in Jenkins Templating Engine Plugin High
CVE-2021-21646 was published for org.jenkins-ci.plugins:templating-engine (Maven) May 24, 2022
NotMyFault
Jenkins Azure AD Plugin allows bypassing CSRF protection for any URL High
CVE-2021-21679 was published for org.jenkins-ci.plugins:azure-ad (Maven) May 24, 2022
NotMyFault
Jenkins SAML Plugin allows bypassing CSRF protection for any URL High
CVE-2021-21678 was published for org.jenkins-ci.plugins:saml (Maven) May 24, 2022
NotMyFault
Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin High
CVE-2021-21696 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21690 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Agent-to-controller security bypass in Jenkins Squash TM Publisher (Squash4Jenkins) Plugin allows writing arbitrary files High
CVE-2021-43578 was published for org.jenkins-ci.plugins:squashtm-publisher-plugin (Maven) May 24, 2022
NotMyFault
Improper handling of untrusted branches in Gitea Jenkins Plugin High
CVE-2019-10330 was published for org.jenkins-ci.plugins:gitea (Maven) May 24, 2022
westonsteimel
ProTip! Advisories are also available from the GraphQL API