GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,935 advisories
Allocation of Resources Without Limits or Throttling in metadata-extractor
Severity: High. CVE-2022-24614 was published for com.drewnoakes:metadata-extractor (Maven), Feb 25, 2022

Path traversal in MCMS
Severity: High. CVE-2021-46037 was published for net.mingsoft:ms-mcms (Maven), Feb 19, 2022

MCMS Arbitrary File Deletion vulnerability
Severity: High. CVE-2021-46062 was published for net.mingsoft:ms-basic (Maven), Feb 19, 2022

Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin
Severity: High. CVE-2022-25173 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven), Feb 16, 2022

Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin
Severity: High. CVE-2022-25174 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven), Feb 16, 2022

Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection
Severity: High. CVE-2022-25175 was published for org.jenkins-ci.plugins.workflow:workflow-multibranch (Maven), Feb 16, 2022

Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
Severity: High. CVE-2022-25181 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven), Feb 16, 2022

Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
Severity: High. CVE-2022-25183 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven), Feb 16, 2022

Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
Severity: High. CVE-2022-25182 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven), Feb 16, 2022

Stored Cross-site Scripting vulnerability in Jenkins Custom Checkbox Parameter Plugin
Severity: High. CVE-2022-25189 was published for io.jenkins.plugins:custom-checkbox-parameter (Maven), Feb 16, 2022

Stored Cross-site Scripting vulnerability in Jenkins Agent Server Parameter Plugin
Severity: High. CVE-2022-25191 was published for io.jenkins.plugins:agent-server-parameter (Maven), Feb 16, 2022

CSRF vulnerability in Jenkins autonomiq plugin
Severity: High. CVE-2022-25194 was published for io.jenkins.plugins:autonomiq (Maven), Feb 16, 2022

CSRF vulnerability in Jenkins SCP publisher Plugin
Severity: High. CVE-2022-25198 was published for org.jenkins-ci.plugins:scp (Maven), Feb 16, 2022

Missing permission check in Jenkins SCP publisher Plugin
Severity: High. CVE-2022-25199 was published for org.jenkins-ci.plugins:scp (Maven), Feb 16, 2022

Cross-Site Request Forgery in Jenkins dbCharts Plugin
Severity: High. CVE-2022-25205 was published for org.jenkins-ci.plugins:dbCharts (Maven), Feb 16, 2022

Missing Authorization in Jenkins dbCharts Plugin
Severity: High. CVE-2022-25206 was published for org.jenkins-ci.plugins:dbCharts (Maven), Feb 16, 2022

CSRF vulnerability in Jenkins Chef Sinatra Plugin allow XXE
Severity: High. CVE-2022-25207 was published for org.jenkins-ci.plugins:sinatra-chef-builder (Maven), Feb 16, 2022

Missing permission checks in Jenkins Chef Sinatra Plugin allow XXE
Severity: High. CVE-2022-25208 was published for org.jenkins-ci.plugins:sinatra-chef-builder (Maven), Feb 16, 2022

Improper Restriction of XML External Entity Reference in Jenkins Chef Sinatra
Severity: High. CVE-2022-25209 was published for org.jenkins-ci.plugins:sinatra-chef-builder (Maven), Feb 16, 2022

Session Fixation in WildFly Elytron
Severity: High. CVE-2020-10714 was published for org.wildfly.security:wildfly-elytron (Maven), Feb 15, 2022

Incorrect Authorization in WildFly Elytron
Severity: High. CVE-2020-1748 was published for org.wildfly.security:wildfly-elytron (Maven), Feb 15, 2022

Deserialization of untrusted data in Apache Cayenne
Severity: High. CVE-2022-24289 was published for org.apache.cayenne:cayenne-server (Maven), Feb 12, 2022

Arbitrary code execution in Magnolia CMS
Severity: High. CVE-2021-46363 was published for info.magnolia:magnolia-core (Maven), Feb 12, 2022

Deserialization of Untrusted Data in Magnolia CMS
Severity: High. CVE-2021-46364 was published for info.magnolia:magnolia-core (Maven), Feb 12, 2022

Cross-Site Request Forgery in Magnolia CMS
Severity: High. CVE-2021-46366 was published for info.magnolia:magnolia-core (Maven), Feb 12, 2022
ProTip! Advisories are also available from the GraphQL API.