GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
181 advisories
Filter by severity
isolated-vm has vulnerable CachedDataOptions in API
Critical
CVE-2022-39266
was published
for
isolated-vm
(npm)
Sep 30, 2022
Jenkins WildFly Deployer Plugin vulnerable to path traversal
Moderate
CVE-2022-41235
was published
for
org.jenkins-ci.plugins:wildfly-deployer
(Maven)
Sep 22, 2022
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can...
High
Unreviewed
CVE-2022-39957
was published
Sep 21, 2022
Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin
Moderate
CVE-2022-36899
was published
for
com.compuware.jenkins:compuware-ispw-operations
(Maven)
Jul 28, 2022
Jenkins Compuware zAdviser API Plugin vulnerable to protection mechanism failure
Moderate
CVE-2022-36900
was published
for
com.compuware.jenkins:compuware-zadviser-api
(Maven)
Jul 28, 2022
Unauthorized view fragment access in Jenkins
High
CVE-2022-34175
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
Agent-to-controller security bypass in Jenkins xUnit Plugin
Moderate
CVE-2022-34181
was published
for
org.jenkins-ci.plugins:xunit
(Maven)
Jun 24, 2022
An unauthenticated attacker can update the hostname with a specially crafted name that will allow...
Critical
Unreviewed
CVE-2022-31479
was published
Jun 7, 2022
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP...
High
Unreviewed
CVE-2020-28396
was published
May 24, 2022
Improper handling of untrusted branches in Gitea Jenkins Plugin
High
CVE-2019-10330
was published
for
org.jenkins-ci.plugins:gitea
(Maven)
May 24, 2022
Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin
Critical
CVE-2019-10328
was published
for
org.jenkins-ci.plugins:workflow-remote-loader
(Maven)
May 24, 2022
Agent-to-controller security bypass in Jenkins Squash TM Publisher (Squash4Jenkins) Plugin allows writing arbitrary files
High
CVE-2021-43578
was published
for
org.jenkins-ci.plugins:squashtm-publisher-plugin
(Maven)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21690
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin
High
CVE-2021-21696
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to...
Moderate
Unreviewed
CVE-2021-35237
was published
May 24, 2022
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access...
Critical
Unreviewed
CVE-2021-32835
was published
May 24, 2022
Jenkins SAML Plugin allows bypassing CSRF protection for any URL
High
CVE-2021-21678
was published
for
org.jenkins-ci.plugins:saml
(Maven)
May 24, 2022
Jenkins Azure AD Plugin allows bypassing CSRF protection for any URL
High
CVE-2021-21679
was published
for
org.jenkins-ci.plugins:azure-ad
(Maven)
May 24, 2022
A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings...
Moderate
Unreviewed
CVE-2021-1517
was published
May 24, 2022
Remote code execution vulnerability in Jenkins Templating Engine Plugin
High
CVE-2021-21646
was published
for
org.jenkins-ci.plugins:templating-engine
(Maven)
May 24, 2022
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior...
High
Unreviewed
CVE-2021-27245
was published
May 24, 2022
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could...
High
Unreviewed
CVE-2021-1223
was published
May 24, 2022
Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in...
Moderate
Unreviewed
CVE-2021-1224
was published
May 24, 2022
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could...
Moderate
Unreviewed
CVE-2020-3299
was published
May 24, 2022
Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA)...
Moderate
Unreviewed
CVE-2020-3458
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API