Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,411
Erlang
33
GitHub Actions
22
Go
2,146
Maven
5,000+
npm
3,808
NuGet
687
pip
3,481
Pub
12
RubyGems
897
Rust
899
Swift
38
Unreviewed advisories
All unreviewed
5,000+

156 advisories

Loading
Drupal Core Cross-Site Request Forgery (CSRF) vulnerability High
CVE-2020-13663 was published for drupal/core (Composer) May 24, 2022
westonsteimel
XML external entity vulnerability in Jenkins Nuget Plugin Critical
CVE-2021-21658 was published for org.jenkins-ci.plugins:nuget (Maven) May 24, 2022
westonsteimel NotMyFault
Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds Moderate
CVE-2021-21647 was published for org.jenkins-ci.plugins:electricflow (Maven) May 24, 2022
NotMyFault westonsteimel
Jenkins Plugin Installation Manager Tool did not verify plugin downloads Critical
CVE-2020-2320 was published for io.jenkins.plugin-management:plugin-management-parent-pom (Maven) May 24, 2022
westonsteimel NotMyFault
tdunlap607
Missing Authorization in Jenkins Kubernetes Plugin Moderate
CVE-2020-2308 was published for org.csanchez.jenkins.plugins:kubernetes (Maven) May 24, 2022
westonsteimel
Missing authorization in Jenkins Kubernetes Plugin Moderate
CVE-2020-2309 was published for org.csanchez.jenkins.plugins:kubernetes (Maven) May 24, 2022
westonsteimel
Authentication cache in Active Directory Jenkins Plugin allows logging in with any password Critical
CVE-2020-2301 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
westonsteimel NotMyFault
XXE vulnerability in Jenkins Mercurial Plugin Moderate
CVE-2020-2305 was published for org.jenkins-ci.plugins:mercurial (Maven) May 24, 2022
NotMyFault westonsteimel
Improper Authentication in Jenkins Active Directory Plugin Critical
CVE-2020-2299 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
westonsteimel
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin Moderate
CVE-2020-2307 was published for org.csanchez.jenkins.plugins:kubernetes (Maven) May 24, 2022
westonsteimel
Missing Authorization in Jenkins Mercurial Plugin Moderate
CVE-2020-2306 was published for org.jenkins-ci.plugins:mercurial (Maven) May 24, 2022
westonsteimel
Improper Authentication (empty password) in Jenkins Active Directory Plugin Critical
CVE-2020-2300 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
westonsteimel NotMyFault
Sandbox bypass vulnerability in Jenkins Script Security Plugin Critical
CVE-2020-2279 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault westonsteimel
Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin Moderate
CVE-2020-2252 was published for org.jenkins-ci.plugins:mailer (Maven) May 24, 2022
westonsteimel
Improper privilege management in elasticsearch Moderate
CVE-2020-7019 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
westonsteimel
Maltego incorrectly shares a MISP connection across users in a remote-transform use case Critical
CVE-2020-12889 was published for MISP-maltego (pip) May 24, 2022
westonsteimel
Subversion Plugin stored XSS vulnerability Moderate
CVE-2020-2111 was published for org.jenkins-ci.plugins:subversion (Maven) May 24, 2022
westonsteimel
Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin Critical
CVE-2019-10458 was published for org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline (Maven) May 24, 2022
westonsteimel
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin Critical
CVE-2019-10417 was published for io.fabric8.pipeline:kubernetes-pipeline-steps (Maven) May 24, 2022
westonsteimel
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin Critical
CVE-2019-10418 was published for io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps (Maven) May 24, 2022
westonsteimel
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG High
CVE-2019-11842 was published for matrix-sydent (pip) May 24, 2022
westonsteimel
Sandbox bypass in ontrack Jenkins Plugin Critical
CVE-2019-10306 was published for org.jenkins-ci.plugins:ontrack (Maven) May 24, 2022
westonsteimel
Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1 High
CVE-2013-1777 was published for org.apache.geronimo.framework:geronimo-jmx-remoting (Maven) May 17, 2022
westonsteimel MarkLee131
django-anymail Includes Sensitive Information in Log Files Critical
CVE-2018-1000089 was published for django-anymail (pip) May 14, 2022
westonsteimel
URLTrigger Plugin server-side request forgery vulnerability Moderate
CVE-2018-1000606 was published for org.jenkins-ci.plugins:urltrigger (Maven) May 14, 2022
westonsteimel
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database