GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,872
Erlang: 29
GitHub Actions: 16
Go: 1,722
Maven: 4,951
npm: 3,481
NuGet: 605
pip: 3,047
Pub: 10
RubyGems: 832
Rust: 777
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
142 advisories
Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin
Moderate | CVE-2020-2252 was published for org.jenkins-ci.plugins:mailer (Maven) | May 24, 2022

Improper privilege management in elasticsearch
Moderate | CVE-2020-7019 was published for org.elasticsearch:elasticsearch (Maven) | May 24, 2022

Maltego incorrectly shares a MISP connection across users in a remote-transform use case
Critical | CVE-2020-12889 was published for MISP-maltego (pip) | May 24, 2022

Subversion Plugin stored XSS vulnerability
Moderate | CVE-2020-2111 was published for org.jenkins-ci.plugins:subversion (Maven) | May 24, 2022

Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin
Critical | CVE-2019-10458 was published for org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline (Maven) | May 24, 2022

Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin
Critical | CVE-2019-10417 was published for io.fabric8.pipeline:kubernetes-pipeline-steps (Maven) | May 24, 2022

Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin
Critical | CVE-2019-10418 was published for io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps (Maven) | May 24, 2022

matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG
High | CVE-2019-11842 was published for matrix-sydent (pip) | May 24, 2022

Sandbox bypass in ontrack Jenkins Plugin
Critical | CVE-2019-10306 was published for org.jenkins-ci.plugins:ontrack (Maven) | May 24, 2022

Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1
High | CVE-2013-1777 was published for org.apache.geronimo.framework:geronimo-jmx-remoting (Maven) | May 17, 2022

django-anymail Includes Sensitive Information in Log Files
High | CVE-2018-1000089 was published for django-anymail (pip) | May 14, 2022

URLTrigger Plugin server-side request forgery vulnerability
Moderate | CVE-2018-1000606 was published for org.jenkins-ci.plugins:urltrigger (Maven) | May 14, 2022

Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security
Moderate | CVE-2010-3700 was published for org.acegisecurity:acegi-security (Maven) | May 14, 2022

simplejson before 2.6.1 vulnerable to array index error
Moderate | CVE-2014-4616 was published for simplejson (pip) | May 14, 2022

AWS CodeDeploy Plugin stored AWS Secret Key in plain text
High | CVE-2018-1000403 was published for com.amazonaws:codedeploy (Maven) | May 13, 2022

Expected Behavior Violation in Apache Tomcat
Critical | CVE-2017-5651 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | May 13, 2022

Unsafe pyyaml load usage in PyAnyAPI
Critical | CVE-2017-16616 was published for pyanyapi (pip) | May 13, 2022

XXE vulnerability in Jenkins Job Import Plugin
Critical | CVE-2019-1003015 was published for org.jenkins-ci.plugins:job-import-plugin (Maven) | May 13, 2022

Exposure of sensitive information in Anchore Container Image Scanner Jenkins Plugin
Moderate | CVE-2018-1999033 was published for org.jenkins-ci.plugins:anchore-container-scanner (Maven) | May 13, 2022

Exposure of Resource to Wrong Sphere in Apache Tomcat
Critical | CVE-2017-5648 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | May 13, 2022

Sandbox bypass vulnerability in Jenkins Script Security Plugin
Critical | CVE-2019-1003040 was published for org.jenkins-ci.plugins:script-security (Maven) | May 13, 2022

Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin
Critical | CVE-2019-1003041 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) | May 13, 2022

Script security sandbox bypass in Matrix Project Plugin
Critical | CVE-2019-1003031 was published for org.jenkins-ci.plugins:matrix-project (Maven) | May 13, 2022

Script security sandbox bypass in Jenkins Job DSL Plugin
Critical | CVE-2019-1003034 was published for org.jenkins-ci.plugins:job-dsl (Maven) | May 13, 2022

Script security sandbox bypass in Jenkins Email Extension Plugin
Critical | CVE-2019-1003032 was published for org.jenkins-ci.plugins:email-ext (Maven) | May 13, 2022
ProTip! Advisories are also available from the GraphQL API.