Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,736
Maven
5,000+
npm
4,336
NuGet
764
pip
4,110
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,969 advisories

Loading
Cross-site Scripting in Jenkins Autocomplete Parameter Plugin High
CVE-2022-30961 was published for org.jenkins-ci.plugins:autocomplete-parameter (Maven) May 18, 2022
NotMyFault
Credited to NotMyFault
Cross-Site Request Forgery in Jenkins Autocomplete Parameter Plugin High
CVE-2022-30969 was published for org.jenkins-ci.plugins:autocomplete-parameter (Maven) May 18, 2022
NotMyFault
Credited to NotMyFault
Cross Site Request Forgery in Jenkins SSH Plugin High
CVE-2022-30958 was published for org.jenkins-ci.plugins:ssh (Maven) May 18, 2022
NotMyFault
Credited to NotMyFault
Cross-site Scripting in Jenkins Multiselect parameter Plugin High
CVE-2022-30964 was published for io.jenkins.plugins:multiselect-parameter (Maven) May 18, 2022
NotMyFault
Credited to NotMyFault
HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere High
CVE-2022-21126 was published for com.github.samtools:htsjdk (Maven) Nov 29, 2022
Apache Dolphin Scheduler has insufficiently protected credentials High
CVE-2022-26885 was published for org.apache.dolphinscheduler:dolphinscheduler-common (Maven) Nov 24, 2022
FusionAuth vulnerable to directory traversal attack High
CVE-2022-45921 was published for io.fusionauth:fusionauth-java-client (Maven) Nov 28, 2022
Cross-site Scripting in Jenkins Autocomplete Parameter Plugin High
CVE-2022-30970 was published for org.jenkins-ci.plugins:autocomplete-parameter (Maven) May 18, 2022
NotMyFault
Credited to NotMyFault
XML External Entity Reference in Jenkins Storable Configs Plugin High
CVE-2022-30971 was published for org.jvnet.hudson.plugins:storable-configs-plugin (Maven) May 18, 2022
NotMyFault
Credited to NotMyFault
Cross-site Scripting in Jenkins vboxwrapper Plugin High
CVE-2022-30968 was published for org.jenkins-ci.plugins:vboxwrapper (Maven) May 18, 2022
NotMyFault
Credited to NotMyFault
Cross-site Scripting in Jenkins Application Detector Plugin High
CVE-2022-30960 was published for org.jenkins-ci.plugins:app-detector (Maven) May 18, 2022
NotMyFault
Credited to NotMyFault
Cross-site Scripting in Jenkins JDK Parameter Plugin High
CVE-2022-30963 was published for org.jenkins-ci.plugins:JDK_Parameter_Plugin (Maven) May 18, 2022
NotMyFault
Credited to NotMyFault
Cross-site Scripting in Jenkins Global Variable String Parameter Plugin High
CVE-2022-30962 was published for org.jenkins-ci.plugins:global-variable-string-parameter (Maven) May 18, 2022
NotMyFault
Credited to NotMyFault
Cross site scripting in Jenkins Selection tasks Plugin High
CVE-2022-30967 was published for org.jvnet.hudson.plugins:selection-tasks-plugin (Maven) May 18, 2022
NotMyFault
Credited to NotMyFault
Deserialization of Untrusted Data in Apache Hadoop YARN High
CVE-2021-25642 was published for org.apache.hadoop:hadoop-yarn-server (Maven) Aug 26, 2022
Cross-site Scripting in Jenkins Rundeck Plugin High
CVE-2022-30956 was published for org.jenkins-ci.plugins:rundeck (Maven) May 18, 2022
NotMyFault
Credited to NotMyFault
Cross Site Request Forgery in Jenkins Storable Configs Plugin High
CVE-2022-30972 was published for org.jvnet.hudson.plugins:storable-configs-plugin (Maven) May 18, 2022
NotMyFault
Credited to NotMyFault
Missing Authorization in Jenkins SSH plugin High
CVE-2022-30959 was published for org.jenkins-ci.plugins:ssh (Maven) May 18, 2022
NotMyFault
Credited to NotMyFault
Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin High
CVE-2022-30945 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 18, 2022
NotMyFault
Credited to NotMyFault
Path Traversal in Payara High
CVE-2022-37422 was published for fish.payara.api:payara-bom (Maven) Aug 19, 2022
Incorrect implementation of lockout feature in Keycloak High
CVE-2021-3513 was published for org.keycloak:keycloak-parent (Maven) Aug 23, 2022
XXE vulnerability in Jenkins WebSphere Deployer Plugin High
CVE-2020-2108 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Path Traversal in Apache Camel High
CVE-2019-0194 was published for org.apache.camel:camel-core (Maven) May 2, 2019
Insufficiently Protected Credentials and Improper Authentication in Spring Security High
CVE-2019-11272 was published for org.springframework.security:spring-security-cas (Maven) Jun 27, 2019
XML External Entity injection in Apache Camel High
CVE-2019-0188 was published for org.apache.camel:camel-core (Maven) May 29, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database