Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

123 advisories

Loading
Jetty vulnerable to exposure of sensitive information due to observable discrepancy High
CVE-2017-9735 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
westonsteimel
Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling) Critical
CVE-2017-7658 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
westonsteimel
HTTP Request Smuggling in Netty High
CVE-2019-16869 was published for io.netty:netty-all (Maven) Oct 11, 2019
G-Rath westonsteimel
SunBK201
HTTP Request Smuggling in Netty Moderate
CVE-2019-20445 was published for io.netty:netty (Maven) Feb 21, 2020
westonsteimel
HTTP Request Smuggling in Netty Critical
CVE-2019-20444 was published for io.netty:netty (Maven) Feb 21, 2020
KateCatlin westonsteimel
Deserialization of Untrusted Data in jackson-databind Critical
CVE-2019-20330 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 4, 2020
westonsteimel sunSUNQ
Deserialization of Untrusted Data in jackson-databind Critical
CVE-2020-8840 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 4, 2020
westonsteimel
Information Exposure in Netty High
CVE-2015-2156 was published for io.netty:netty (Maven) Jun 30, 2020
westonsteimel
Local Information Disclosure Vulnerability in Netty on Unix-Like systems Moderate
CVE-2021-21290 was published for io.netty:netty (Maven) Feb 8, 2021
JLLeitschuh westonsteimel
Possible request smuggling in HTTP/2 due missing validation Moderate
CVE-2021-21295 was published for io.netty:netty (Maven) Mar 9, 2021
artgon carl-mastrangelo
westonsteimel
Possible request smuggling in HTTP/2 due missing validation of content-length Moderate
CVE-2021-21409 was published for io.netty:netty (Maven) Mar 30, 2021
westonsteimel
Remote code execution in handlebars when compiling templates Critical
CVE-2021-23369 was published for handlebars (Maven) May 6, 2021
westonsteimel
Cross-Site Request Forgery in Jenkins Credentials Plugin Moderate
CVE-2021-21648 was published for org.jenkins-ci.plugins:credentials (Maven) Jun 16, 2021
NotMyFault westonsteimel
Cross-site Scripting in Jenkins Dashboard View Plugin Moderate
CVE-2021-21649 was published for org.jenkins-ci.plugins:dashboard-view (Maven) Jun 16, 2021
NotMyFault westonsteimel
Missing Authorization in Jenkins S3 publisher Plugin Moderate
CVE-2021-21650 was published for org.jenkins-ci.plugins:s3 (Maven) Jun 16, 2021
westonsteimel
Missing Authorization in Jenkins S3 publisher Plugin Moderate
CVE-2021-21651 was published for org.jenkins-ci.plugins:s3 (Maven) Jun 16, 2021
westonsteimel
Bzip2Decoder doesn't allow setting size restrictions for decompressed data High
CVE-2021-37136 was published for io.netty:netty (Maven) Sep 9, 2021
orvdoo westonsteimel
SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way High
CVE-2021-37137 was published for io.netty:netty (Maven) Sep 9, 2021
orvdoo westonsteimel
HTTP request smuggling in netty Moderate
CVE-2021-43797 was published for io.netty:netty (Maven) Dec 9, 2021
purninavi westonsteimel
Unsafe Deserialization in jackson-databind High
CVE-2020-24750 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
westonsteimel
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin High
CVE-2022-23118 was published for ru.yandex.jenkins.plugins.debuilder:debian-package-builder (Maven) Jan 13, 2022
westonsteimel
Stored XSS vulnerability in Jenkins Badge Plugin Moderate
CVE-2022-23108 was published for org.jenkins-ci.plugins:badge (Maven) Jan 13, 2022
westonsteimel
Access key stored in plain text by Jenkins Metrics Plugin Moderate
CVE-2022-20621 was published for org.jenkins-ci.plugins:metrics (Maven) Jan 13, 2022
westonsteimel
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs Moderate
CVE-2022-20620 was published for org.jenkins-ci.plugins:ssh-agent (Maven) Jan 13, 2022
westonsteimel
Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin High
CVE-2022-20619 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jan 13, 2022
NotMyFault westonsteimel
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database