GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
175 advisories
Jinja2 sandbox escape via string formatting
High | CVE-2019-10906 was published for Jinja2 (pip) | Apr 10, 2019
Denial of Service in http-proxy
High | GHSA-6x33-pw7p-hmpq was published for http-proxy (npm) | Sep 4, 2020
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin
High | CVE-2022-23118 was published for ru.yandex.jenkins.plugins.debuilder:debian-package-builder (Maven) | Jan 13, 2022
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
High | CVE-2022-25182 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) | Feb 16, 2022
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
High | CVE-2022-25183 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) | Feb 16, 2022
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
High | CVE-2022-25181 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) | Feb 16, 2022
Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is...
High | Unreviewed | CVE-2021-32960 was published | Apr 3, 2022
Sandbox Bypass in Script Security Plugin
High | CVE-2019-1003005 was published for org.jenkins-ci.plugins:script-security (Maven) | May 13, 2022
Jenkins Groovy Plugin sandbox bypass vulnerability
High | CVE-2019-1003033 was published for org.jenkins-ci.plugins:groovy (Maven) | May 13, 2022
Protection Mechanism Failure in Jenkins Script Security Plugin
High | CVE-2019-1003000 was published for org.jenkins-ci.plugins:script-security (Maven) | May 13, 2022
A vulnerability in the data acquisition (DAQ) component of Cisco Firepower Threat Defense (FTD)...
High | Unreviewed | CVE-2019-1669 was published | May 13, 2022
A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an...
High | Unreviewed | CVE-2018-0383 was published | May 13, 2022
Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding...
High | Unreviewed | CVE-2017-2685 was published | May 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations...
High | Unreviewed | CVE-2017-10952 was published | May 13, 2022
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7...
High | Unreviewed | CVE-2013-2465 was published | May 14, 2022
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series,...
High | Unreviewed | CVE-2018-9322 was published | May 14, 2022
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series,...
High | Unreviewed | CVE-2018-9312 was published | May 14, 2022
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series,...
High | Unreviewed | CVE-2018-9320 was published | May 14, 2022
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series,...
High | Unreviewed | CVE-2018-9314 was published | May 14, 2022
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX...
High | Unreviewed | CVE-2017-3893 was published | May 17, 2022
A vulnerability in the detection engine of Cisco Firepower Threat Defense (FTD) Software could...
High | Unreviewed | CVE-2019-1832 was published | May 24, 2022
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol...
High | Unreviewed | CVE-2019-1970 was published | May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High | CVE-2020-2134 was published for org.jenkins-ci.plugins:script-security (Maven) | May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High | CVE-2020-2135 was published for org.jenkins-ci.plugins:script-security (Maven) | May 24, 2022
ProTip! Advisories are also available from the GraphQL API.