GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 3,741; Erlang 29; GitHub Actions 16; Go 1,710; Maven 4,946; npm 3,474; NuGet 605; pip 3,001; Pub 10; RubyGems 828; Rust 773; Swift 34.
Unreviewed advisories: All unreviewed 5,000+.
142 advisories
[Critical] Apache Tomcat Improper Access Control vulnerability (CVE-2016-8735) was published for org.apache.tomcat:tomcat-catalina (Maven), May 13, 2022
[Critical] Sandbox bypass in Jenkins Pipeline: Groovy Plugin (CVE-2019-1003030) was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven), May 13, 2022
[Critical] Sony Neural Network Libraries reliance on untrusted inputs prior to v1.0.10 (CVE-2019-10844) was published for nnabla (pip), May 13, 2022
[Critical] Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat (CVE-2016-5018) was published for org.apache.tomcat.embed:tomcat-embed-jasper (Maven), May 13, 2022
[High] Sandbox Bypass in Script Security Plugin (CVE-2019-1003005) was published for org.jenkins-ci.plugins:script-security (Maven), May 13, 2022
[Critical] Sandbox bypass in Script Security Plugin (CVE-2019-1003029) was published for org.jenkins-ci.plugins:script-security (Maven), May 13, 2022
[Moderate] Apache Geronimo Application Server CSRF vulnerabilities (CVE-2009-0039) was published for org.apache.geronimo.plugins:console (Maven), May 2, 2022
[Moderate] Apache Geronimo console 1.0 vulnerable to cross-site scripting (CVE-2006-0254) was published for geronimo:geronimo-console-standard (Maven), May 1, 2022
[Moderate] Multiple cross-site scripting (XSS) vulnerabilities in Roundup (CVE-2012-6133) was published for roundup (pip), Apr 23, 2022
[Moderate] Cross-site scripting in markdown2 for Python (CVE-2009-3724) was published for markdown2 (pip), Apr 21, 2022
[Moderate] Stored XSS in Jenkins CVS Plugin (CVE-2022-29037) was published for org.jenkins-ci.plugins:cvs (Maven), Apr 13, 2022
[Moderate] Stored XSS vulnerability in Jenkins Git Parameter Plugin (CVE-2022-29040) was published for org.jenkins-ci.tools:git-parameter (Maven), Apr 13, 2022
[Moderate] Missing permission checks in Jenkins Publish Over FTP Plugin (CVE-2022-29051) was published for org.jenkins-ci.plugins:publish-over-ftp (Maven), Apr 13, 2022
[High] CSRF vulnerability in Jenkins Publish Over FTP Plugin (CVE-2022-29050) was published for org.jenkins-ci.plugins:publish-over-ftp (Maven), Apr 13, 2022
[High] Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL (CVE-2022-29049) was published for org.jenkins-ci.plugins:promoted-builds (Maven), Apr 13, 2022
[High] XXE vulnerability in Jenkins Flaky Test Handler Plugin (CVE-2022-28140) was published for org.jenkins-ci.plugins:flaky-test-handler (Maven), Mar 30, 2022
[High] golang.org/x/crypto/ssh Denial of service via crafted Signer (CVE-2022-27191) was published for golang.org/x/crypto (Go), Mar 19, 2022
[Moderate] Nomad Spread Job Stanza May Trigger Panic in Servers (CVE-2022-24684) was published for github.com/hashicorp/nomad (Go), Feb 16, 2022
[High] Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin (CVE-2022-25173) was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven), Feb 16, 2022
[High] Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin (CVE-2022-25174) was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven), Feb 16, 2022
[Moderate] Improper Link Resolution Before File Access in Jenkins Pipeline: Shared Groovy Libraries Plugin (CVE-2022-25177) was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven), Feb 16, 2022
[Moderate] Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin (CVE-2022-25176) was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven), Feb 16, 2022
[Moderate] Link Following in Jenkins Pipeline Multibranch Plugin (CVE-2022-25179) was published for org.jenkins-ci.plugins.workflow:workflow-multibranch (Maven), Feb 16, 2022
[Moderate] Improper Limitation of a Pathname to a Restricted Directory in Jenkins Pipeline: Shared Groovy Libraries Plugin (CVE-2022-25178) was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven), Feb 16, 2022
[Moderate] Jenkins Support Core Plugin stores sensitive data in plain text (CVE-2022-25187) was published for org.jenkins-ci.plugins:support-core (Maven), Feb 16, 2022
Advisories are also available from the GraphQL API.