GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
33 advisories
Filter by severity
Jinja2 sandbox escape via string formatting
High
CVE-2019-10906
was published
for
Jinja2
(pip)
Apr 10, 2019
Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies
High
CVE-2024-34144
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 2, 2024
Intermittent HTTP policy bypass
High
CVE-2024-28248
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
Denial of Service in http-proxy
High
GHSA-6x33-pw7p-hmpq
was published
for
http-proxy
(npm)
Sep 4, 2020
Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin
High
CVE-2022-43428
was published
for
com.compuware.jenkins:compuware-topaz-for-total-test
(Maven)
Oct 19, 2022
Content-Security-Policy protection for user content disabled by Jenkins NeuVector Vulnerability Scanner Plugin
High
CVE-2022-43434
was published
for
io.jenkins.plugins:neuvector-vulnerability-scanner
(Maven)
Oct 19, 2022
Jenkins Katalon Plugin vulnerable to Protection Mechanism Failure
High
CVE-2022-43416
was published
for
org.jenkins-ci.plugins:katalon
(Maven)
Oct 19, 2022
Unauthorized view fragment access in Jenkins
High
CVE-2022-34175
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
High
CVE-2022-25183
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
Feb 16, 2022
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
High
CVE-2022-25182
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
Feb 16, 2022
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
High
CVE-2022-25181
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
Feb 16, 2022
Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin
High
CVE-2021-21696
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Remote code execution vulnerability in Jenkins Templating Engine Plugin
High
CVE-2021-21646
was published
for
org.jenkins-ci.plugins:templating-engine
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High
CVE-2020-2134
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High
CVE-2020-2135
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Jenkins Azure AD Plugin allows bypassing CSRF protection for any URL
High
CVE-2021-21679
was published
for
org.jenkins-ci.plugins:azure-ad
(Maven)
May 24, 2022
Jenkins SAML Plugin allows bypassing CSRF protection for any URL
High
CVE-2021-21678
was published
for
org.jenkins-ci.plugins:saml
(Maven)
May 24, 2022
Jenkins Groovy Plugin sandbox bypass vulnerability
High
CVE-2019-1003033
was published
for
org.jenkins-ci.plugins:groovy
(Maven)
May 13, 2022
Sandbox Bypass in Script Security Plugin
High
CVE-2019-1003005
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 13, 2022
Improper handling of untrusted branches in Gitea Jenkins Plugin
High
CVE-2019-10330
was published
for
org.jenkins-ci.plugins:gitea
(Maven)
May 24, 2022
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
High
CVE-2022-43401
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Oct 19, 2022
Remote Code Execution in Custom Integration Upload
High
CVE-2023-41319
was published
for
ethyca-fides
(pip)
Sep 7, 2023
Agent-to-controller security bypass in Jenkins Squash TM Publisher (Squash4Jenkins) Plugin allows writing arbitrary files
High
CVE-2021-43578
was published
for
org.jenkins-ci.plugins:squashtm-publisher-plugin
(Maven)
May 24, 2022
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin
High
CVE-2022-23118
was published
for
ru.yandex.jenkins.plugins.debuilder:debian-package-builder
(Maven)
Jan 13, 2022
Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin
High
CVE-2022-43435
was published
for
org.jenkins-ci.plugins.plugin:fireline
(Maven)
Oct 19, 2022
ProTip!
Advisories are also available from the
GraphQL API