GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
137 advisories
Filter by severity
Unauthorized view fragment access in Jenkins
High
CVE-2022-34175
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21691
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21693
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21692
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Incorrect Authorization in MySQL Connector Java
Moderate
CVE-2021-2471
was published
for
mysql:mysql-connector-java
(Maven)
May 24, 2022
Improper permission checks allow canceling queue items and aborting builds in Jenkins
Moderate
CVE-2021-21670
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing credentials
Moderate
CVE-2021-21664
was published
for
com.xebialabs.deployit.ci:deployit-plugin
(Maven)
May 24, 2022
Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs
Moderate
CVE-2021-21643
was published
for
org.jenkins-ci.plugins:config-file-provider
(Maven)
May 24, 2022
Incorrect permission checks in Jenkins Role-based Authorization Strategy Plugin may allow accessing some items
Moderate
CVE-2021-21624
was published
for
org.jenkins-ci.plugins:role-strategy
(Maven)
May 24, 2022
Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items
Moderate
CVE-2021-21623
was published
for
org.jenkins-ci.plugins:matrix-auth
(Maven)
May 24, 2022
OpenNMS Horizon RCE via JEXL2 expression
High
CVE-2021-3396
was published
for
org.opennms.features:org.opennms.features.measurements
(Maven)
May 24, 2022
Missing permission check for paths with specific prefix in Jenkins
Moderate
CVE-2021-21609
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Information leak in Gerrit
Low
CVE-2020-8920
was published
for
com.google.gerrit:gerrit-plugin-api
(Maven)
May 24, 2022
Improper authorization due to caching in Jenkins Role-based Authorization Strategy Plugin
High
CVE-2020-2286
was published
for
org.jenkins-ci.plugins:role-strategy
(Maven)
May 24, 2022
Incorrect permission check in Health Advisor by CloudBees Plugin
Moderate
CVE-2020-2258
was published
for
org.jenkins-ci.plugins:cloudbees-jenkins-advisor
(Maven)
May 24, 2022
Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs
Moderate
CVE-2020-2233
was published
for
org.jenkins-ci.plugins:pipeline-maven
(Maven)
May 24, 2022
Improper authorization of users and groups with the same base name in Jenkins GitLab Authentication Plugin
High
CVE-2020-2228
was published
for
org.jenkins-ci.plugins:gitlab-oauth
(Maven)
May 24, 2022
Users with Overall/Read access can enumerate credentials IDs in Amazon EC2 Plugin
Moderate
CVE-2020-2188
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 24, 2022
Missing permission checks in Mac Plugin
Moderate
CVE-2020-2148
was published
for
fr.edf.jenkins.plugins:mac
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High
CVE-2020-2135
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High
CVE-2020-2134
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Memory usage graphs accessible to anyone with Overall/Read
Moderate
CVE-2020-2104
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Incorrect Authorization in Jenkins Script Security Plugin
High
CVE-2019-16538
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin
Critical
CVE-2019-10458
was published
for
org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline
(Maven)
May 24, 2022
Keycloak Unauthenticated Access
High
CVE-2019-14832
was published
for
org.keycloak:keycloak-model-infinispan
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API