Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,386
Erlang
33
GitHub Actions
22
Go
2,141
Maven
5,000+
npm
3,803
NuGet
687
pip
3,480
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

204 advisories

Loading
Sandbox bypass vulnerability in Script Security Plugin High
CVE-2020-2134 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault
Sandbox bypass vulnerability in Script Security Plugin High
CVE-2020-2135 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault
Script security sandbox bypass in Jenkins Job DSL Plugin Critical
CVE-2019-1003034 was published for org.jenkins-ci.plugins:job-dsl (Maven) May 13, 2022
westonsteimel
Script security sandbox bypass in Matrix Project Plugin Critical
CVE-2019-1003031 was published for org.jenkins-ci.plugins:matrix-project (Maven) May 13, 2022
westonsteimel
Jenkins Azure AD Plugin allows bypassing CSRF protection for any URL High
CVE-2021-21679 was published for org.jenkins-ci.plugins:azure-ad (Maven) May 24, 2022
NotMyFault
Jenkins SAML Plugin allows bypassing CSRF protection for any URL High
CVE-2021-21678 was published for org.jenkins-ci.plugins:saml (Maven) May 24, 2022
NotMyFault
Sandbox bypass vulnerability in Jenkins Script Security Plugin Critical
CVE-2020-2279 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault westonsteimel
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously... High Unreviewed
CVE-2023-5557 was published Oct 13, 2023
Jenkins Groovy Plugin sandbox bypass vulnerability High
CVE-2019-1003033 was published for org.jenkins-ci.plugins:groovy (Maven) May 13, 2022
Sandbox Bypass in Script Security Plugin High
CVE-2019-1003005 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
westonsteimel
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21690 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Improper handling of untrusted branches in Gitea Jenkins Plugin High
CVE-2019-10330 was published for org.jenkins-ci.plugins:gitea (Maven) May 24, 2022
westonsteimel
Protection mechanism failure in some Intel DCM software before version 5.2 may allow an... Critical Unreviewed
CVE-2023-31273 was published Nov 14, 2023
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin High
CVE-2022-43401 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Oct 19, 2022
NotMyFault
Protection mechanism failure in some Intel(R) oneAPI HPC Toolkit 2023.1 and Intel(R)MPI Library... Moderate Unreviewed
CVE-2023-27383 was published Nov 14, 2023
Protection mechanism failure in some Intel(R) Distribution of OpenVINO toolkit software before... Moderate Unreviewed
CVE-2023-25080 was published Nov 14, 2023
Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on... Low Unreviewed
CVE-2023-5875 was published Nov 2, 2023
Potential HTTP policy bypass when using header rules in Cilium Moderate
CVE-2023-30851 was published for github.com/cilium/cilium (Go) May 22, 2023
Remote Code Execution in Custom Integration Upload High
CVE-2023-41319 was published for ethyca-fides (pip) Sep 7, 2023
grmpyninja
Jenkins Script Security Plugin sandbox bypass vulnerability Critical
CVE-2022-43403 was published for org.jenkins-ci.plugins:script-security (Maven) Oct 19, 2022
Jenkins Pipeline: Groovy Plugin allows sandbox protection bypass and arbitrary code execution Critical
CVE-2022-43402 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Oct 19, 2022
Agent-to-controller security bypass in Jenkins Squash TM Publisher (Squash4Jenkins) Plugin allows writing arbitrary files High
CVE-2021-43578 was published for org.jenkins-ci.plugins:squashtm-publisher-plugin (Maven) May 24, 2022
NotMyFault
User login brute force protection functionality bypass Critical Unreviewed
CVE-2022-27516 was published Nov 9, 2022
isolated-vm has vulnerable CachedDataOptions in API Critical
CVE-2022-39266 was published for isolated-vm (npm) Sep 30, 2022
hedgehog80
Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA)... Moderate Unreviewed
CVE-2020-3458 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database