GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

130 advisories

Incorrect Authorization in Jenkins Mercurial Plugin Moderate
CVE-2018-1000112 was published for org.jenkins-ci.plugins:mercurial (Maven) May 13, 2022
Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes Moderate
CVE-2018-1000114 was published for org.jenkins-ci.plugins:promoted-builds (Maven) May 13, 2022
Jenkins vSphere Plugin incorrect authorization vulnerability Moderate
CVE-2018-1000152 was published for org.jenkins-ci.plugins:vsphere-cloud (Maven) May 13, 2022
Jenkins Black Duck Hub Plugin allowed any user with Overall/Read to read and write its configuration High
CVE-2018-1000197 was published for com.blackducksoftware.integration:blackduck-hub (Maven) May 13, 2022
Improper authorization vulnerability in Jenkins Mesos Plugin Moderate
CVE-2018-1000420 was published for org.jenkins-ci.plugins:mesos (Maven) May 13, 2022
Cloud Foundry UAA accepts refresh token as access token on admin endpoints High
CVE-2018-11047 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Incorrect Authorization in Jenkins Moderate
CVE-2018-1999047 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Incorrect Authorization in Jenkins Core Moderate
CVE-2016-3722 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Authorization bypass in Spring Security Critical
CVE-2022-22978 was published for org.springframework.security:spring-security-core (Maven) May 20, 2022
secjoker
Sandbox bypass in ontrack Jenkins Plugin Critical
CVE-2019-10306 was published for org.jenkins-ci.plugins:ontrack (Maven) May 24, 2022
westonsteimel
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin Critical
CVE-2019-10418 was published for io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps (Maven) May 24, 2022
westonsteimel
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin Critical
CVE-2019-10417 was published for io.fabric8.pipeline:kubernetes-pipeline-steps (Maven) May 24, 2022
westonsteimel
Keycloak Unauthenticated Access High
CVE-2019-14832 was published for org.keycloak:keycloak-model-infinispan (Maven) May 24, 2022
Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin Critical
CVE-2019-10458 was published for org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline (Maven) May 24, 2022
westonsteimel
Incorrect Authorization in Jenkins Script Security Plugin High
CVE-2019-16538 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
Memory usage graphs accessible to anyone with Overall/Read Moderate
CVE-2020-2104 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Sandbox bypass vulnerability in Script Security Plugin High
CVE-2020-2135 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault
Sandbox bypass vulnerability in Script Security Plugin High
CVE-2020-2134 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault
Missing permission checks in Mac Plugin Moderate
CVE-2020-2148 was published for fr.edf.jenkins.plugins:mac (Maven) May 24, 2022
NotMyFault
Users with Overall/Read access can enumerate credentials IDs in Amazon EC2 Plugin Moderate
CVE-2020-2188 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
NotMyFault
Improper authorization of users and groups with the same base name in Jenkins GitLab Authentication Plugin High
CVE-2020-2228 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs Moderate
CVE-2020-2233 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) May 24, 2022
NotMyFault
Incorrect permission check in Health Advisor by CloudBees Plugin Moderate
CVE-2020-2258 was published for org.jenkins-ci.plugins:cloudbees-jenkins-advisor (Maven) May 24, 2022
NotMyFault
Improper authorization due to caching in Jenkins Role-based Authorization Strategy Plugin High
CVE-2020-2286 was published for org.jenkins-ci.plugins:role-strategy (Maven) May 24, 2022
NotMyFault
Information leak in Gerrit Low
CVE-2020-8920 was published for com.google.gerrit:gerrit-plugin-api (Maven) May 24, 2022
q5438722