GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
62 advisories
Filter by severity
Missing permission checks in Jenkins Publish Over FTP Plugin
Moderate
CVE-2022-29051
was published
for
org.jenkins-ci.plugins:publish-over-ftp
(Maven)
Apr 13, 2022
Stored XSS in Jenkins CVS Plugin
Moderate
CVE-2022-29037
was published
for
org.jenkins-ci.plugins:cvs
(Maven)
Apr 13, 2022
Multiple cross-site scripting (XSS) vulnerabilities in Roundup
Moderate
CVE-2012-6133
was published
for
roundup
(pip)
Apr 23, 2022
Apache Geronimo console 1.0 vulnerable to cross-site scripting
Moderate
CVE-2006-0254
was published
for
geronimo:geronimo-console-standard
(Maven)
May 1, 2022
simplejson before 2.6.1 vulnerable to array index error
Moderate
CVE-2014-4616
was published
for
simplejson
(pip)
May 14, 2022
URLTrigger Plugin server-side request forgery vulnerability
Moderate
CVE-2018-1000606
was published
for
org.jenkins-ci.plugins:urltrigger
(Maven)
May 14, 2022
Open Redirect in Apache Superset
Moderate
CVE-2021-28125
was published
for
apache-superset
(pip)
Oct 6, 2021
Exposure of sensitive information in Anchore Container Image Scanner Jenkins Plugin
Moderate
CVE-2018-1999033
was published
for
org.jenkins-ci.plugins:anchore-container-scanner
(Maven)
May 13, 2022
HashiCorp Nomad Artifact Download Race Condition
Moderate
CVE-2022-24686
was published
for
github.com/hashicorp/nomad
(Go)
Feb 15, 2022
Missing permission check in Jenkins autonomiq Plugin
Moderate
CVE-2022-25195
was published
for
io.jenkins.plugins:autonomiq
(Maven)
Feb 16, 2022
Nomad Spread Job Stanza May Trigger Panic in Servers
Moderate
CVE-2022-24684
was published
for
github.com/hashicorp/nomad
(Go)
Feb 16, 2022
Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security
Moderate
CVE-2010-3700
was published
for
org.acegisecurity:acegi-security
(Maven)
May 14, 2022
Link Following in Jenkins Pipeline Multibranch Plugin
Moderate
CVE-2022-25179
was published
for
org.jenkins-ci.plugins.workflow:workflow-multibranch
(Maven)
Feb 16, 2022
Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin
Moderate
CVE-2022-25176
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Feb 16, 2022
Improper Link Resolution Before File Access in Jenkins Pipeline: Shared Groovy Libraries Plugin
Moderate
CVE-2022-25177
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
Feb 16, 2022
Improper Limitation of a Pathname to a Restricted Directory in Jenkins Pipeline: Shared Groovy Libraries Plugin
Moderate
CVE-2022-25178
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
Feb 16, 2022
Improper privilege management in elasticsearch
Moderate
CVE-2020-7019
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
HTTP Request Smuggling in Netty
Moderate
CVE-2019-20445
was published
for
io.netty:netty
(Maven)
Feb 21, 2020
Possible request smuggling in HTTP/2 due missing validation
Moderate
CVE-2021-21295
was published
for
io.netty:netty
(Maven)
Mar 9, 2021
HTTP request smuggling in netty
Moderate
CVE-2021-43797
was published
for
io.netty:netty
(Maven)
Dec 9, 2021
Local Information Disclosure Vulnerability in Netty on Unix-Like systems
Moderate
CVE-2021-21290
was published
for
io.netty:netty
(Maven)
Feb 8, 2021
Possible request smuggling in HTTP/2 due missing validation of content-length
Moderate
CVE-2021-21409
was published
for
io.netty:netty
(Maven)
Mar 30, 2021
snowflake-connector-python is vulnerable to Regular Expression Denial of Service (ReDoS)
Moderate
CVE-2022-42965
was published
for
snowflake-connector-python
(pip)
Nov 10, 2022
Stored XSS vulnerability in Jenkins Badge Plugin
Moderate
CVE-2022-23108
was published
for
org.jenkins-ci.plugins:badge
(Maven)
Jan 13, 2022
Access key stored in plain text by Jenkins Metrics Plugin
Moderate
CVE-2022-20621
was published
for
org.jenkins-ci.plugins:metrics
(Maven)
Jan 13, 2022
ProTip!
Advisories are also available from the
GraphQL API