GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,741
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,946
npm
3,474
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
142 advisories
Filter by severity
Jenkins GitHub plugin uses weak webhook signature function
Low
CVE-2022-36885
was published
for
com.coravy.hudson.plugins.github:github
(Maven)
Jul 28, 2022
Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text
Low
CVE-2022-34213
was published
for
org.jenkins-ci.plugins:squashtm-publisher
(Maven)
Jun 24, 2022
Remote Code Execution in Apache Flume
High
CVE-2022-25167
was published
for
org.apache.flume.flume-ng-sources:flume-jms-source
(Maven)
Jun 15, 2022
Improper Verification of Cryptographic Signature in matrix-synapse
High
CVE-2019-18835
was published
for
matrix-synapse
(pip)
May 24, 2022
XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin
High
CVE-2019-10327
was published
for
org.jenkins-ci.plugins:pipeline-maven
(Maven)
May 24, 2022
Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin
Critical
CVE-2019-10328
was published
for
org.jenkins-ci.plugins:workflow-remote-loader
(Maven)
May 24, 2022
Plaintext password storage in Jenkins InfluxDB Plugin
High
CVE-2019-10329
was published
for
org.jenkins-ci.plugins:influxdb
(Maven)
May 24, 2022
Improper handling of untrusted branches in Gitea Jenkins Plugin
High
CVE-2019-10330
was published
for
org.jenkins-ci.plugins:gitea
(Maven)
May 24, 2022
ecdsa-elixir fails to check signatures, vulnerable to message forging
Critical
CVE-2021-43568
was published
for
ecdsa-elixir
(Erlang)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21686
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21685
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Generic Webhook Trigger Plugin
Critical
CVE-2021-21669
was published
for
org.jenkins-ci.plugins:generic-webhook-trigger
(Maven)
May 24, 2022
Drupal Core Cross-Site Request Forgery (CSRF) vulnerability
High
CVE-2020-13663
was published
for
drupal/core
(Composer)
May 24, 2022
XML external entity vulnerability in Jenkins Nuget Plugin
Critical
CVE-2021-21658
was published
for
org.jenkins-ci.plugins:nuget
(Maven)
May 24, 2022
Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds
Moderate
CVE-2021-21647
was published
for
org.jenkins-ci.plugins:electricflow
(Maven)
May 24, 2022
Jenkins Plugin Installation Manager Tool did not verify plugin downloads
Critical
CVE-2020-2320
was published
for
io.jenkins.plugin-management:plugin-management-parent-pom
(Maven)
May 24, 2022
Missing authorization in Jenkins Kubernetes Plugin
Moderate
CVE-2020-2309
was published
for
org.csanchez.jenkins.plugins:kubernetes
(Maven)
May 24, 2022
Missing Authorization in Jenkins Kubernetes Plugin
Moderate
CVE-2020-2308
was published
for
org.csanchez.jenkins.plugins:kubernetes
(Maven)
May 24, 2022
Improper Authentication (empty password) in Jenkins Active Directory Plugin
Critical
CVE-2020-2300
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
May 24, 2022
Missing Authorization in Jenkins Mercurial Plugin
Moderate
CVE-2020-2306
was published
for
org.jenkins-ci.plugins:mercurial
(Maven)
May 24, 2022
Improper Authentication in Jenkins Active Directory Plugin
Critical
CVE-2020-2299
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
May 24, 2022
Authentication cache in Active Directory Jenkins Plugin allows logging in with any password
Critical
CVE-2020-2301
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Mercurial Plugin
Moderate
CVE-2020-2305
was published
for
org.jenkins-ci.plugins:mercurial
(Maven)
May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin
Moderate
CVE-2020-2307
was published
for
org.csanchez.jenkins.plugins:kubernetes
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Jenkins Script Security Plugin
Critical
CVE-2020-2279
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API