GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
130 advisories
Filter by severity
Incorrect Authorization in Jenkins Mercurial Plugin
Moderate
CVE-2018-1000112
was published
for
org.jenkins-ci.plugins:mercurial
(Maven)
May 13, 2022
Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes
Moderate
CVE-2018-1000114
was published
for
org.jenkins-ci.plugins:promoted-builds
(Maven)
May 13, 2022
Jenkins vSphere Plugin incorrect authorization vulnerability
Moderate
CVE-2018-1000152
was published
for
org.jenkins-ci.plugins:vsphere-cloud
(Maven)
May 13, 2022
Jenkins Black Duck Hub Plugin allowed any user with Overall/Read to read and write its configuration
High
CVE-2018-1000197
was published
for
com.blackducksoftware.integration:blackduck-hub
(Maven)
May 13, 2022
Improper authorization vulnerability in Jenkins Mesos Plugin
Moderate
CVE-2018-1000420
was published
for
org.jenkins-ci.plugins:mesos
(Maven)
May 13, 2022
Cloud Foundry UAA accepts refresh token as access token on admin endpoints
High
CVE-2018-11047
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Incorrect Authorization in Jenkins
Moderate
CVE-2018-1999047
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Incorrect Authorization in Jenkins Core
Moderate
CVE-2016-3722
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Authorization bypass in Spring Security
Critical
CVE-2022-22978
was published
for
org.springframework.security:spring-security-core
(Maven)
May 20, 2022
Sandbox bypass in ontrack Jenkins Plugin
Critical
CVE-2019-10306
was published
for
org.jenkins-ci.plugins:ontrack
(Maven)
May 24, 2022
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin
Critical
CVE-2019-10418
was published
for
io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps
(Maven)
May 24, 2022
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin
Critical
CVE-2019-10417
was published
for
io.fabric8.pipeline:kubernetes-pipeline-steps
(Maven)
May 24, 2022
Keycloak Unauthenticated Access
High
CVE-2019-14832
was published
for
org.keycloak:keycloak-model-infinispan
(Maven)
May 24, 2022
Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin
Critical
CVE-2019-10458
was published
for
org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline
(Maven)
May 24, 2022
Incorrect Authorization in Jenkins Script Security Plugin
High
CVE-2019-16538
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Memory usage graphs accessible to anyone with Overall/Read
Moderate
CVE-2020-2104
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High
CVE-2020-2135
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High
CVE-2020-2134
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Missing permission checks in Mac Plugin
Moderate
CVE-2020-2148
was published
for
fr.edf.jenkins.plugins:mac
(Maven)
May 24, 2022
Users with Overall/Read access can enumerate credentials IDs in Amazon EC2 Plugin
Moderate
CVE-2020-2188
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 24, 2022
Improper authorization of users and groups with the same base name in Jenkins GitLab Authentication Plugin
High
CVE-2020-2228
was published
for
org.jenkins-ci.plugins:gitlab-oauth
(Maven)
May 24, 2022
Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs
Moderate
CVE-2020-2233
was published
for
org.jenkins-ci.plugins:pipeline-maven
(Maven)
May 24, 2022
Incorrect permission check in Health Advisor by CloudBees Plugin
Moderate
CVE-2020-2258
was published
for
org.jenkins-ci.plugins:cloudbees-jenkins-advisor
(Maven)
May 24, 2022
Improper authorization due to caching in Jenkins Role-based Authorization Strategy Plugin
High
CVE-2020-2286
was published
for
org.jenkins-ci.plugins:role-strategy
(Maven)
May 24, 2022
Information leak in Gerrit
Low
CVE-2020-8920
was published
for
com.google.gerrit:gerrit-plugin-api
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API