GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
50 advisories
Filter by severity
A user without PR can reset user authentication failures information
Low
CVE-2021-32729
was published
for
org.xwiki.platform:xwiki-platform-security-authentication-script
(Maven)
Jul 2, 2021
Protection Mechanism Failure in Jenkins Script Security Plugin
High
CVE-2019-1003000
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 13, 2022
Jenkins Compuware Topaz for Total Test Plugin vulnerable to Protection Mechanism Failure
High
CVE-2022-43429
was published
for
com.compuware.jenkins:compuware-topaz-for-total-test
(Maven)
Oct 19, 2022
Agent-to-controller security bypass in Jenkins xUnit Plugin
Moderate
CVE-2022-34181
was published
for
org.jenkins-ci.plugins:xunit
(Maven)
Jun 24, 2022
Script security sandbox bypass in Jenkins Email Extension Plugin
Critical
CVE-2019-1003032
was published
for
org.jenkins-ci.plugins:email-ext
(Maven)
May 13, 2022
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
High
CVE-2022-43404
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Oct 19, 2022
Sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin
High
CVE-2022-43406
was published
for
io.jenkins.plugins:pipeline-groovy-lib
(Maven)
Oct 19, 2022
Content-Security-Policy protection for user content disabled by Jenkins XFramium Builder Plugin
High
CVE-2022-43432
was published
for
org.jenkins-ci.plugins:xframium
(Maven)
Oct 19, 2022
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin and Pipeline: Deprecated Groovy Libraries Plugin
High
CVE-2022-43405
was published
for
io.jenkins.plugins:pipeline-groovy-lib
(Maven)
Oct 19, 2022
Content-Security-Policy protection for user content disabled by Jenkins ScreenRecorder Plugin
High
CVE-2022-43433
was published
for
io.jenkins.plugins:screenrecorder
(Maven)
Oct 19, 2022
Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin
High
CVE-2022-43435
was published
for
org.jenkins-ci.plugins.plugin:fireline
(Maven)
Oct 19, 2022
Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin
Moderate
CVE-2022-36899
was published
for
com.compuware.jenkins:compuware-ispw-operations
(Maven)
Jul 28, 2022
Jenkins WildFly Deployer Plugin vulnerable to path traversal
Moderate
CVE-2022-41235
was published
for
org.jenkins-ci.plugins:wildfly-deployer
(Maven)
Sep 22, 2022
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin
Low
CVE-2022-25186
was published
for
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
(Maven)
Feb 16, 2022
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin
High
CVE-2022-23118
was published
for
ru.yandex.jenkins.plugins.debuilder:debian-package-builder
(Maven)
Jan 13, 2022
Agent-to-controller security bypass in Jenkins Squash TM Publisher (Squash4Jenkins) Plugin allows writing arbitrary files
High
CVE-2021-43578
was published
for
org.jenkins-ci.plugins:squashtm-publisher-plugin
(Maven)
May 24, 2022
Jenkins Pipeline: Groovy Plugin allows sandbox protection bypass and arbitrary code execution
Critical
CVE-2022-43402
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Oct 19, 2022
Jenkins Script Security Plugin sandbox bypass vulnerability
Critical
CVE-2022-43403
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
Oct 19, 2022
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
High
CVE-2022-43401
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Oct 19, 2022
Improper handling of untrusted branches in Gitea Jenkins Plugin
High
CVE-2019-10330
was published
for
org.jenkins-ci.plugins:gitea
(Maven)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21690
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Sandbox Bypass in Script Security Plugin
High
CVE-2019-1003005
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 13, 2022
Jenkins Groovy Plugin sandbox bypass vulnerability
High
CVE-2019-1003033
was published
for
org.jenkins-ci.plugins:groovy
(Maven)
May 13, 2022
Sandbox bypass vulnerability in Jenkins Script Security Plugin
Critical
CVE-2020-2279
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Jenkins SAML Plugin allows bypassing CSRF protection for any URL
High
CVE-2021-21678
was published
for
org.jenkins-ci.plugins:saml
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API