Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Loading
Sandbox bypass in Jenkins Pipeline: Groovy Plugin Critical
CVE-2019-1003030 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 13, 2022
westonsteimel
Sandbox bypass in Script Security Plugin Critical
CVE-2019-1003029 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
westonsteimel
Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies High
CVE-2024-34144 was published for org.jenkins-ci.plugins:script-security (Maven) May 2, 2024
Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin High
CVE-2022-43428 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
NotMyFault
Content-Security-Policy protection for user content disabled by Jenkins NeuVector Vulnerability Scanner Plugin High
CVE-2022-43434 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Oct 19, 2022
NotMyFault
Jenkins Compuware zAdviser API Plugin vulnerable to protection mechanism failure Moderate
CVE-2022-36900 was published for com.compuware.jenkins:compuware-zadviser-api (Maven) Jul 28, 2022
Jenkins Katalon Plugin vulnerable to Protection Mechanism Failure High
CVE-2022-43416 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin Moderate
CVE-2022-43424 was published for com.compuware.jenkins:compuware-xpediter-code-coverage (Maven) Oct 19, 2022
NotMyFault
Sandbox escape in Jenkins Email Extension Plugin Critical
CVE-2023-25765 was published for org.jenkins-ci.plugins:email-ext (Maven) Feb 15, 2023
Jenkins NUnit Plugin vulnerable to Protection Mechanism Failure Moderate
CVE-2022-43414 was published for org.jenkins-ci.plugins:nunit (Maven) Oct 19, 2022
Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin Moderate
CVE-2022-43423 was published for com.compuware.jenkins:compuware-scm-downloader (Maven) Oct 19, 2022
NotMyFault
Agent-to-controller security bypass vulnerability in Jenkins Compuware Topaz Utilities Plugin Moderate
CVE-2022-43422 was published for com.compuware.jenkins:compuware-topaz-utilities (Maven) Oct 19, 2022
NotMyFault
Unauthorized view fragment access in Jenkins High
CVE-2022-34175 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin allows reading arbitrary files Moderate
CVE-2022-25197 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Feb 16, 2022
NotMyFault
Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin Critical
CVE-2019-10328 was published for org.jenkins-ci.plugins:workflow-remote-loader (Maven) May 24, 2022
westonsteimel
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure High
CVE-2022-25183 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure High
CVE-2022-25182 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure High
CVE-2022-25181 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin High
CVE-2021-21696 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Remote code execution vulnerability in Jenkins Templating Engine Plugin High
CVE-2021-21646 was published for org.jenkins-ci.plugins:templating-engine (Maven) May 24, 2022
NotMyFault
Sandbox bypass vulnerability in Script Security Plugin High
CVE-2020-2134 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault
Sandbox bypass vulnerability in Script Security Plugin High
CVE-2020-2135 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault
Script security sandbox bypass in Jenkins Job DSL Plugin Critical
CVE-2019-1003034 was published for org.jenkins-ci.plugins:job-dsl (Maven) May 13, 2022
westonsteimel
Script security sandbox bypass in Matrix Project Plugin Critical
CVE-2019-1003031 was published for org.jenkins-ci.plugins:matrix-project (Maven) May 13, 2022
westonsteimel
Jenkins Azure AD Plugin allows bypassing CSRF protection for any URL High
CVE-2021-21679 was published for org.jenkins-ci.plugins:azure-ad (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API