Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

36 advisories

Loading
Jetty vulnerable to exposure of sensitive information due to observable discrepancy High
CVE-2017-9735 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
westonsteimel
HTTP Request Smuggling in Netty High
CVE-2019-16869 was published for io.netty:netty-all (Maven) Oct 11, 2019
G-Rath westonsteimel
SunBK201
Information Exposure in Netty High
CVE-2015-2156 was published for io.netty:netty (Maven) Jun 30, 2020
westonsteimel
Bzip2Decoder doesn't allow setting size restrictions for decompressed data High
CVE-2021-37136 was published for io.netty:netty (Maven) Sep 9, 2021
orvdoo westonsteimel
SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way High
CVE-2021-37137 was published for io.netty:netty (Maven) Sep 9, 2021
orvdoo westonsteimel
Unsafe Deserialization in jackson-databind High
CVE-2020-24750 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
westonsteimel
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin High
CVE-2022-23118 was published for ru.yandex.jenkins.plugins.debuilder:debian-package-builder (Maven) Jan 13, 2022
westonsteimel
Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin High
CVE-2022-20619 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jan 13, 2022
NotMyFault westonsteimel
OS command execution vulnerability in Jenkins Docker Commons Plugin High
CVE-2022-20617 was published for org.jenkins-ci.plugins:docker-commons (Maven) Jan 13, 2022
westonsteimel
Path Traversal in Jenkins Warnings Next Generation Plugin High
CVE-2022-23107 was published for io.jenkins.plugins:warnings-ng (Maven) Jan 21, 2022
westonsteimel
Incorrect Default Permissions in Apache Tomcat High
CVE-2020-8022 was published for org.apache.tomcat:tomcat (Maven) Feb 9, 2022 withdrawn
westonsteimel
CSRF vulnerability in Jenkins autonomiq plugin High
CVE-2022-25194 was published for io.jenkins.plugins:autonomiq (Maven) Feb 16, 2022
westonsteimel NotMyFault
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin High
CVE-2022-25174 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
westonsteimel
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin High
CVE-2022-25173 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Feb 16, 2022
westonsteimel
XXE vulnerability in Jenkins Flaky Test Handler Plugin High
CVE-2022-28140 was published for org.jenkins-ci.plugins:flaky-test-handler (Maven) Mar 30, 2022
westonsteimel
CSRF vulnerability in Jenkins Publish Over FTP Plugin High
CVE-2022-29050 was published for org.jenkins-ci.plugins:publish-over-ftp (Maven) Apr 13, 2022
westonsteimel
Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL High
CVE-2022-29049 was published for org.jenkins-ci.plugins:promoted-builds (Maven) Apr 13, 2022
NotMyFault westonsteimel
Sandbox Bypass in Script Security Plugin High
CVE-2019-1003005 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
westonsteimel
AWS CodeDeploy Plugin stored AWS Secret Key in plain text High
CVE-2018-1000403 was published for com.amazonaws:codedeploy (Maven) May 13, 2022
westonsteimel
Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1 High
CVE-2013-1777 was published for org.apache.geronimo.framework:geronimo-jmx-remoting (Maven) May 17, 2022
westonsteimel MarkLee131
XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin High
CVE-2019-10327 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) May 24, 2022
westonsteimel
Plaintext password storage in Jenkins InfluxDB Plugin High
CVE-2019-10329 was published for org.jenkins-ci.plugins:influxdb (Maven) May 24, 2022
westonsteimel
Improper handling of untrusted branches in Gitea Jenkins Plugin High
CVE-2019-10330 was published for org.jenkins-ci.plugins:gitea (Maven) May 24, 2022
westonsteimel
Remote Code Execution in Apache Flume High
CVE-2022-25167 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) Jun 15, 2022
westonsteimel
Apache Tomcat may reject request containing invalid Content-Length header High
CVE-2022-42252 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 1, 2022
sunSUNQ westonsteimel
ProTip! Advisories are also available from the GraphQL API